Common Scams

Learn More

If You Get Caught

Scammers typically aim to get you to do one or more of the following:

  • Give access to your device, or download and install malware/ransomware*.
  • Give them sensitive information such as login credentials, authentication codes, or other personal information.
  • Send money or give them your banking info.

Types of Scams

Below are some types of scams reported by members of the U-M community. They are often sophisticated and require a watchful eye.

  • Book club scams
    Scammers target authors with a flattering and legitimate-looking email invitation for their work to be included in a curated book club, then ask for a fee.
  • Football ticket scams
    Scammers offer U-M football tickets for sale on social media, such as GroupMe or Facebook groups, impersonating real students, and ask for payment using nonrefundable methods.
  • Housing scams
    Scammers impersonate U-M housing staff and aim to induce the recipient to sign a fake "housing contract" and then make a "rent" payment to them.
  • Invoice scams
    An invoice scam occurs when a threat actor sends you a fake invoice, attempting to trick you into seeking a refund for a product or service you never paid for. The scammer often impersonates a legitimate payment or document service to make the invoice appear credible.
  • Job offer scams
    Scammers contact someone and offer them a job, but ask for a favor or favors in return, usually involving helping to acquire things of value like gift cards, or to process a check that turns out to be fake.
  • Multi-factor authentication scams
    Scammers use a legitimate multi-factor authentication (MFA) service, such as Okta, to trick people into giving access to their account by getting them to provide an MFA approval.
  • Login theft scams
    Threat actors create sophisticated scams to steal your U-M login credentials. They use false pretenses, such as a party invitation or a request to review a document.
  • Sextortion scams
    Scammers send extortion emails that try to coerce people into making payments by accusing the recipient of engaging in activities of a sensitive nature, such as watching pornography, and threatening to make embarrassing/explicit information about them public.
  • Sponsored Link scams
    Sponsored" doesn’t mean "safe” – threat actors pay for ads at the top of Google search results. These links could lead to fraudulent websites. (scam example)
  • Tax fraud
    Identity thieves try to file fraudulent tax returns in your name and steal your tax refund, or they may attempt to steal your identity through emails or phone calls.
  • Tech support scams
    Scammers impersonate tech support staff, claim to know that something is wrong with your computer, and offer to help you fix it in order to steal your personal information.
  • Tutoring overpayment scams (check overpayment scams)
    Someone posing as a tutoring customer overpays the tutor with a fraudulent check and then asks to be refunded the "extra" payment. It's a variation on "check overpayment" scams.

Scam Methods

Email and Websites

  • Phishing emails
    Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information; or infect your computer with malware.
  • Targeted Phishing (spear phishing)
    Criminals disguise their messages and websites to look like official U-M messages and websites. It's a more targeted version of phishing.

Voice and Text

  • Phone scams and voice phishing (vishing)
    Scammers use fraudulent phone calls to trick you into giving money or revealing personal information, often pretending to represent a trusted institution, company, or government agency.
  • Text message (SMS) scams (smishing)
    Scammers send an unsolicited text message that prompts you to click a link or reply; they try to steal personal information and money, and commit fraud.

Documents

Resources

Stay Informed