Criminals invent increasingly sophisticated lures and tactics to carry out scams. They may try to:
- Steal your login credentials using fake login screens.
- Get you to divulge sensitive information by pretending to be people or organizations you trust.
- Get you to make payments through apps, gift cards, or by asking for refunds.
- Obtain and maintain access to your accounts and devices under false pretenses.
Learn more ways to Spot Phishing & Scams.
Follow the steps below to identify and avoid scams.
Spot Scams
- Check the full URL of links before clicking to see if they go where you expect: hover over the link on your computer; on your phone press the link and hold down until you see a dialog box with the URL. Pay close attention as threat actors will often create URLs similar to those of legitimate websites.
- Verify the identity of the sender: check the “Reply-To” address to see if your reply would go where you think it should; check for spoofed email by looking up the individual in MCommunity and other trustworthy directories, and use that information to contact them yourself.
- Be wary of suspicious content and claims. Spelling mistakes, grammatical errors, unexpected and unusual requests for “urgent action” are red flags, and offers that are too good to be true are often signs of a scam.
- Look closely at login pages and warning messages by checking page URLs and paying attention to warnings on email messages. A legitimate U-M login page URL begins with https://weblogin.umich.edu/.
- Be on the lookout for scams using legitimate U-M services, such as Duo, DocuSign, and Slack, that link to fake login pages, ask you to open fake documents, or require you to share your screen or download software.
- Watch for emails from threat actors pretending to be colleagues or journalists requesting reviews, asking you to download files, or asking you to share sensitive documents or software with them.
Protect Yourself
- Do not share personal and sensitive information with suspicious contacts; do not respond to suspicious emails and texts, and hang up on suspicious callers.
- Report suspicious email to [email protected] following these guidelines.
- Take action if you get caught. If you gave personal information in response to a scam, report the incident to the ITS Service Center, change your UMICH password, and follow additional instructions at What to Do if Your Account May Be Compromised.
Stay Informed
- Follow updates on scams targeting the U-M community.
- Check out the Phishing curriculum.
- Learn more about how to protect yourself (including from online abuse and harassment).