Phishing Alert: Subject may vary or be blank - From: impersonate ITS Service Desk

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.

Date Sent: 
Monday, July 20, 2020

Phishing Summary

This phishing email may have various or blank subjects. The "from" field includes a spoofed ITS Service Desk sender name. The email attempts to trick the recipient by claiming that their email account will be "cut off" if they do not respond by clicking a link in the phish. The phish also attempts to look more official by adding a publicly-known U-M address to the signature. Links in the phish go to a fake login page designed to steal user credentials. The fake login page has an incorrect URL. 

The real ITS Service Center will not contact users in this way about email accounts expiring or otherwise ending. If you receive this or similar email you should:

  • Check the from address to see if it is a fake using the information in How to Spot a Spoof. In this case, the "from" name and email address don't match, and the sender's email address is not a "" address.
  • Delete it without clicking on the links or replying.
  • Contact the ITS Service Center if you have any concerns about your email account.

Remember to always check the URL before logging in with your U-M credentials. The real U-M weblogin page is: .

Links have been removed from the example below for safety.

Phishing Email Text

Attention !
As you requested on your account reset, your E-mail Account will be cut off and email service will be discontinued

NOTE: Access to E-mail Service will be denied, emails, contacts and files will be wiped off, If this is an error and you did not request for this.

Restore your Account Here

ITS Help Desk,
University of Michigan
500 S. State Street, Ann Arbor, MI 48109 USA
 2020 The Regents of the University of Michigan

Phishing Email or Site Screenshot: 
Image of the fake login page linked in the phishing email. Always check the URL before logging in.