Phishing Alert: o365mc@microsoft.com

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Suspicious Email for more tips. If you need help, contact the ITS Service Center.

Date Sent: 
Tuesday, April 16, 2019

Phishing Email Summary

This phishing message attempts to trick users into entering their credentials in a fake Microsoft Office or Outlook login site. The site is personalized, so users will see their own (or familiar) names and uniqnames used. You should always be suspicious of any login that does not direct you to use the U-M weblogin page. U-M email should authenticate through https://weblogin.umich.edu or https://weblogin.med.umich.edu .

Links and usernames have been removed from this example.

Phishing Email Text

Dear [Username] @ umich . edu 
You have (8) emails in quarantine notification.
    TR : Final Investor list ready for Series A
      From Bob Hendicott ( [username] @ equiteq. com)
      MAIL FROM bo-b5tj1g9au9t3g6augzdv3qce1g1u0f @ equiteq . com 
      To : [Username] @ umich.edu
      4/15/19 3:48 AM | pdf | 8.7 MB

Release       Delete      Approve      Block [links removed]
                   
Emails will be deleted automatically after 30 days. You can change the frequency of these notifications within your email quarantine portal.
View Messages [link removed]

Have a Question? [link removed] 

For assistance please contact your local Steward IS Help Desk.

Phishing Site Screenshot: 
A fake Microsoft Office or Outlook login page is presented by the link in the phishing message.