Check the URL
When you log in on the web using the Weblogin page, always check the URL before you enter your password. Many people at U-M receive phishing emails with links to fake Weblogin pages. The fake pages look exactly like the real one. When people log in to the fake page, their password is stolen, and their U-M account is compromised. The only clue that the page is fraudulent is the URL. Criminals may use pieces of that URL, but not the exact thing
Before entering your UMICH password on a web page, check that the page's web address/URL begins with
https://weblogin.umich.edu/
What If You Logged in to a Fake Weblogin Page?
These clues might lead you to think you accidentally logged in to a fraudulent page:
- After you log in, you see a login page again instead of being taken to the page or service you were expecting.
- After you log in, you see a document or page that is not what you were expecting.
If you think you may have been caught by this scam, do the following to minimize potential damage to your personal information and U-M account:
- Change your UMICH password immediately.
- Michigan Medicine users, change your UMICH password at lvl2.med.umich.edu.
- Report it as an IT security incident so ITS staff can check your account for signs of compromise.