USER SECURITY ALERT

Date Sent

Phishing Message Summary

This phishing email attempts to trick users into providing their name and password to a fake login site. The subject is in all caps and alarming to try and get users to rush to comply without considering if the message is legit, and the salutation may be customized to your uniqname or group email address. The body of the message tries to fool users into thinking their account may have been compromised by someone in Iran, and threatens shutdown of a user account if action is not taken. The phish also claims to come from an unmonitored email address you cannot reply to. All of these are clues this is a phish, not email from U-M. The fake login site has an incorrect URL that is not weblogin.umich.edu.

Phishing Email Text

Hi [uniqname or email address]

Recently we received a login activity notifications from this IP: 5.78.255.255  located from Iran into your Email account: [uniqname or email address]. Please do login into your account and verifiy this activity if you are the one.

We will ensure that we block your account if we do not hear from you. Please kindly click the link below to carry out a validation on your account.

Validate Your Login Account
Thanks,
The Email Team
This email has been sent from an unmonitored email address. Please do not reply to this message. We are unable to respond to replies.

2018 Email Administrator Inc. All Rights Reserved. | Privacy policy

Phishing Email or Site Screenshot
A fake login page is presented by the link in the phishing email. The fake site has the incorrect URL.

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.