Scam Email Summary
An email scam that impersonates healthcare workers attempts to lure the recipient into providing their uniqname, password, and a Duo passcode by offering more information about a case of the West Nile Virus on campus.
The link from the email takes the recipient to a fake login page designed to appear like the U-M Weblogin page. In addition, the recipient is asked to enter a two-factor authentication passcode into a pop-up designed to look similar to a Duo prompt.
Finally, you are redirected to a legitimate U-M staff or faculty member’s page.
The actual text from this scam email is at the bottom of this page.
Tricks used to make the email look legitimate
- The Sender may be a legitimate U-M staff member or a staff member from another university.
- The university is referenced by name in the Body.
- The Signature uses a legitimate title for the impersonated sender.
- The “From" address may be spoofed.
- The “Reply to" address is not a U-M address or does not match the sender.
Fake login pages and Duo prompts
- The URL of the fake login page is not weblogin.umich.edu. See Look Before You Login for more information about how to spot a fake.
- A fake Duo prompt to trick a person into providing a Duo passcode for two-factor authentication. See Scams Utilizing Duo to Steal Pass Codes and Prompt Pushes for more information.
Red Flags
The scammers request the recipients follow a link for more information about a healthcare case. They are then asked to provide login information. The following should be considered a red flag:
- Non-umich.edu email address of sender. All official communication from the University of Michigan will come from senders with umich.edu email addresses. Note that in some cases the sending email address may be spoofed, which means that it will look exactly like a real email umich.edu address. You can find out How to Spot a Spoof on Safe Computing.
- The email provides a link to more information about the case. Typically, health alerts do not offer details about specific cases. General information will be contained in the health alert email body.
- Request to login for more information. Public health information is not generally behind login.
How to Protect You and U-M
Do not reply. If you receive a suspicious message that appears to be from someone at U-M, look for signs that the email is fraudulent. Most phishing and scams can be spotted quickly. If you find obvious signs of a scam, delete the email, and do not reply to it.
Verify and Contact. If there are no obvious signs of phishing but the email content is suspicious (offers of jobs you have not applied for, or contact from someone you do not know, for example), look up that sender's contact information in the MCommunity directory and email or call them yourself instead of using the reply-to in email or the information provided in the email.
Report Phishing and other Email Abuse. ITS Information Assurance has a process for reporting suspicious, abusive, or scam emails. Your reports help us to tailor technical responses and provide warnings and guidance to the U-M community.
If You Are Tricked
- If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.
- Change your UMICH password and follow the instructions at What to Do if Your Account is Compromised.
- Carefully review any online account that became vulnerable as a result of responding to the scam.
- If You Entered a Duo Passcode
- Change your UMICH password immediately!
- Generate and use a new Duo passcode by logging in to an account that requires Duo and use a passcode for authorization. The passcode(s) you unintentionally gave to the threat actor will be invalidated when you create AND USE a new one. In other words, use of a later passcode invalidates passcodes created earlier.
- Be aware that you are not notified when a Duo passcode is used, so a threat actor could be using your passcode without your knowledge.
- File a police report.
- See our Identity Theft page if your personal information was compromised.
- See What To Do if You Were Scammed from the FTC for information on what to do if you were scammed out of money or personal information.
Scam Email Text
From: [redacted] <[redacted]@utk.edu>
Date: Mon, Sep 9, 2024 at 11:23 AM
Subject: Health Alert: West Nile Virus Case on Campus
Dear University of Michigan-Dearborn Staff,
We want to inform you that a member of our University of Michigan-Dearborn community has been diagnosed with West Nile Virus (WNV). This highlights the importance of taking precautions against this mosquito-borne illness.
The affected individual is receiving medical care. Click For more details about the case
Key Information:
- West Nile Virus is spread by mosquitoes. While most people show mild or no symptoms, severe cases can cause serious health issues like encephalitis or meningitis.
- Symptoms may include fever, headaches, body aches, and in severe cases, confusion or muscle weakness.
How to Protect Yourself:
- Eliminate standing water to reduce mosquito breeding areas.
- Use insect repellent, especially during dawn and dusk.
- Wear long sleeves and pants to avoid mosquito bites.
University Actions:
- The university is increasing mosquito control efforts on campus and will provide updates as needed.
If you experience symptoms, please contact University of Michigan-Dearborn health services immediately.
Thank you for helping keep our campus safe.
Sincerely,
[redacted] (she/her)
Special Collections Reference Health
University of Michigan-Dearborn
Health Care Center