Common Scams

Below are some common types of scams reported by members of the U-M community. They often very sophisticated and require a watchful eye.

Scams may be used to infect your computer with malware:

• Ransomware
  Scammers use malicious software to encrypt data on your computer or other networked devices, preventing you from accessing it and ask you to pay a ransom to get your access back. Don't pay the ransom!

Scammers may use a common hook that becomes a trend, such as:

• Job offer scams
  Scammers contact someone and offer them a job, but ask for a favor or favors in return, usually involving helping to acquire things of value like gift cards, or to process a check that turns out to be fake.
• Housing scams
  Scammers impersonate U-M housing staff and aim to induce the recipient to sign a fake "housing contract" and then make a "rent" payment to them.
• Football ticket scams
  Scammers offer U-M football tickets for sale on social media, such as GroupMe or Facebook groups, impersonating real students, and ask for payment using nonrefundable methods.
• Multi-factor authentication scams
  Scammers use a legitimate multi-factor authentication (MFA) service, such as Duo, to trick people into giving access to their account by getting them to provide an MFA approval.
• Sextortion scams
  Scammers send extortion emails that try to coerce people into making payments by accusing the recipient of engaging in activities of a sensitive nature, such as watching pornography, and threatening to make embarrassing/explicit information about them public.
• Tech support scams
  Scammers impersonate tech support staff, claim to know that something is wrong with your computer, and offer to help you fix it in order to steal your personal information.
• Tutoring overpayment scams (check overpayment scams)
  Someone posing as a tutoring customer overpays the tutor with a fraudulent check and then asks to be refunded the "extra" payment. It's a variation on "check overpayment" scams.
• Tax fraud
  Identity thieves try to file fraudulent tax returns in your name and steal your tax refund, or they may attempt to steal your identity through emails or phone calls.

Scammers may reach you through a variety of methods, such as:

• Phishing emails
  Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information; or infect your computer with malware.
• Phone scams and voice phishing (vishing)
  Scammers use fraudulent phone calls to trick you into giving money or revealing personal information, often pretending to represent a trusted institution, company, or government agency.
• Text message (SMS) scams (smishing)
  Scammers send an unsolicited text message that prompts you to click a link or reply; they try to steal personal information and money, and commit fraud.
• Spear Phishing (U-M video)
  Criminals disguise their messages and websites to look like official U-M messages and websites. It's a more targeted version of phishing.
• Shared Document Emails Can Be Traps
  Scammers use emails directing you to shared documents in order to try to steal your password and compromise your computing account.
• Office Doc Dangers: Macros & Enabled Content Pose Risks
  Scammers use Microsoft Office Macros—small bits of programming used to automate tasks—to spread viruses and malware.

Resources

• Tax Scams/Consumer Alerts (IRS)
• Report Phishing and Online Scams (IRS)
• Taxpayer Guide to Identity Theft (IRS)
• Consumer Information: Tech Support Scams (FTC)

Stay Informed

• Phishes & Scams at U-M
• Alerts, Advisories & Notices (cybersecurity and privacy risks)