This phishing email may have various or blank subjects. The "from" field includes a spoofed ITS Service Desk sender name. The email attempts to trick the recipient by claiming that their email account will be "cut off" if they do not respond by clicking a link in the phish. The phish also attempts to look more official by adding a publicly-known U-M address to the signature. Links in the phish go to a fake login page designed to steal user credentials. The fake login page has an incorrect URL.
The real ITS Service Center will not contact users in this way about email accounts expiring or otherwise ending. If you receive this or similar email you should:
- Check the from address to see if it is a fake using the information in How to Spot a Spoof. In this case, the "from" name and email address don't match, and the sender's email address is not a "umich.edu" address.
- Delete it without clicking on the links or replying.
- Contact the ITS Service Center if you have any concerns about your email account.
Remember to always check the URL before logging in with your U-M credentials. The real U-M weblogin page is: https://weblogin.umich.edu/ .
Links have been removed from the example below for safety.
Phishing Email Text
As you requested on your account reset, your umich.edu E-mail Account will be cut off and email service will be discontinued
NOTE: Access to E-mail Service will be denied, emails, contacts and files will be wiped off, If this is an error and you did not request for this.
Restore your Account Here
ITS Help Desk,
University of Michigan
500 S. State Street, Ann Arbor, MI 48109 USA
2020 The Regents of the University of Michigan