Follow the five tips below to help you recognize phishing and scams.
Check links before clicking
- Check the full URL to see if it goes where you expect. Don't click the link if it looks wrong to you.
- On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
- On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
- Check shortened URL destinations with these shortened URL Security tips.
- Watch for QR Codes that take you to fraudulent sites. See the FBI's alert about Cybercriminals Tampering with QR Codes.
Check to see if the sender is forged
- Criminals can forge the "From" address.
- Be suspicious if the “From” address looks like a U-M address, but the “Reply-To” address does not.
- See How to Spot a Spoof.
Look for fake U-M login pages
- Be careful where you enter your password. Many scammers use fake U-M login pages in phishing.
- Before entering your UMICH password on a web page, check that the page's web address/URL begins with https://weblogin.umich.edu/
- See Look before you log in.
Look for suspicious content
- Look for possible red flags such as misspelled words, bad grammar, and other clues.
- Watch for messages that urge you to act quickly so you don't have time to think, for example:
- "Validate, verify, update your account!"
- "Your email is full!"
- "Your account will be deleted."
Note: U-M will never ask you to validate or verify your account. U-M email accounts only expire when you leave the university and are no longer eligible for them.
Pay attention to warning banners
- Google Mail at U-M Users. Google Mail at U-M flags messages that may be suspicious to help you identify potential problems. See Google Mail Banners Warn of Suspicious Email.
- Michigan Medicine Outlook Users. Take note of an automated warning banner at the top of emails received from senders outside the university that contain links or attachments. The email banner urges extra caution with such messages