Phishing Message Summary
This phishing email attempts to trick users into providing their name and password to a fake login site. The subject is in all caps and alarming to try and get users to rush to comply without considering if the message is legit, and the salutation may be customized to your uniqname or group email address. The body of the message tries to fool users into thinking their account may have been compromised by someone in Iran, and threatens shutdown of a user account if action is not taken. The phish also claims to come from an unmonitored email address you cannot reply to. All of these are clues this is a phish, not email from U-M. The fake login site has an incorrect URL that is not weblogin.umich.edu.
Phishing Email Text
Hi [uniqname or email address]
Recently we received a login activity notifications from this IP: 18.104.22.168 located from Iran into your Email account: [uniqname or email address]. Please do login into your account and verifiy this activity if you are the one.
We will ensure that we block your account if we do not hear from you. Please kindly click the link below to carry out a validation on your account.
Validate Your Login Account
The Email Team
This email has been sent from an unmonitored email address. Please do not reply to this message. We are unable to respond to replies.