A compromised U-M account is one accessed by a person not authorized to use the account. Criminals and hackers target U-M users to gain:
- Access to the U-M network, processing power, and/or storage they can use to commit crimes.
- Access to U-M academic resources, like the library and journal subscriptions.
- Information about you that can be used to steal your identity, commit fraud, and target your email contacts for phishing and fraud.
Why Compromised Accounts Need to Be Addressed
When accounts are compromised, valuable computing resources and sensitive institutional and personal data are put at risk. Even accounts with limited or no access to institutional data and nothing the user considers private in email or personal files are valuable to hackers. Your U-M account provides access to your student or Human Resources record, your email, and perhaps your grades, direct deposit details, and other personal information.
How Accounts are Compromised
- Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in to a webpage or providing your password are most likely phishing scams. Learn more and protect yourself with the information on Phishing & Suspicious Email. U-M will NEVER send email asking you to confirm your identity or provide confidential, personal information.
- Password Stolen on Another Site. Reusing your U-M password on other sites, especially those where your umich.edu email is your username, puts U-M resources at risk. If your account on those sites is compromised, your U-M account can be easily accessed.
- Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
- Malware. Use of an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious system compromises. See Enhanced Endpoint Protection for software you can use to keep your computer safe.
- Unsecured network. If you log in to a U-M website like Wolverine Access while on an unprotected WiFi network, your account information could be stolen. Remember to always Use a Secure Internet Connection.
- Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques. See the Password Security Checklist for other ways to keep your password safe.