Sponsored link in search results for Wolverine Access may lead to phishing – login theft and direct deposit redirect

Date Sent

Description

In this type of scam, an individual searches for “Wolverine Access” in Google or another search engine. The top sponsored search result is a link that leads to a fake U-M Weblogin screen. If the user enters login credentials there, a threat actor steals them and uses them to log in to the real Wolverine Access. Once in Wolverine Access, the threat actor redirects the person’s payroll direct deposit to the threat actor’s own bank account.

How it Works

  1. An individual searches in Google or another search engine for “Wolverine Access” and then clicks the top sponsored search result, which is a link that leads to a fraudulent web page made to look like the official U-M Weblogin.
  2. The threat actor receives the UMICH login credentials and enters them into the real U-M Weblogin as they attempt to get into Wolverine Access. During this time, the individual sees a spinning wheel on the screen.
  3. When the threat actor enters the login credentials, a Duo multi-factor authentication push notification is initiated. 
  4. If the user approves the Duo multi-factor authentication requests (they will receive two as the threat actor logs into Wolverine Access), then the threat actor will be able to get into Wolverine Access.
  5. Once in Wolverine Access, the threat actor redirects the individual’s payroll direct deposit to their own bank account.

Note: The threat actor can also use the stolen UMICH login credentials to perpetrate other malicious activity, such as using the individual’s email account to send phishing emails to others.

For information and to learn how to protect yourself, see Login Theft Scams and Look Before You Login.

Phishing Email or Site Screenshot
Search engine results for Wolverine Access, including sponsored link that leads to phishing site
Fake Weblogin screen linked from sponsored link when Wolverine Access is searched in Google
White screen with spinning wheel that displays after login credentials are entered into fake Weblogin screen

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.