Phishing Alert: Subjects Vary - Fake Work notifications targeting health care.

Date Sent: 
Thursday, October 29, 2020

Phishing Email Summary

A variety of phishing emails targeting health care providers, the public health sector, and other healthcare related organizations and their data. 

These phish attempt to trick the recipient into following links that download malware and ransomware, often in the form of infected MS Office documents. They try to create a sense of urgency to trick the recipient into clicking by mentioning important job-related changes or time-sensitive workplace information. Common false claims in these phish include:

  • Changes in the recipient's salary, awards of bonuses, or offers of other workplace financial incentives.
  • Requests to participate in employee surveys.
  • Requests to review work-related documents prior to upcoming meetings.
  • Requests to view documents related to employee complaints.
  • Changes to employment status, including dismissal from employment.

Some versions of this phish are branded with the company name One Medical, others use signatures claiming to be from "payroll assistant" or "accountant" to make email look more official.

How to Protect Yourself and U-M

If you are ever suspicious about an email message, report the message using the directions in Phishing & Suspicious Email.

Be wary of unexpected email or email attachments.

  • If the email is unexpected and from a known person, unit, or organization, contact the sender via a different email (not a reply!) or by phone to see if they really sent the unexpected email. If they say they did not send it, report the email.
  • If the email is from an unknown person or company and seems suspicious, report it.

Do not download or open unexpected docs or attachments. In particular, be cautious of: 

Check links before clicking them. Hover over all links and look at the URL before clicking. If a link seems to point to something other than what is claimed in the email, do not click it, report that email.

Phishing Email or Site Screenshot: 
Screenshot of phishing email with link to a fake work doc.
Screenshot of phishing email with link to a fake work doc.

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.