Scams targeting university communities are increasingly sophisticated, such as recent scams involving login theft, fake job offers, and fake housing opportunities. These scams attempt to trick individuals into sharing personal information or making payments. Threat actors often impersonate real U-M faculty or departments to appear legitimate and convey a sense of urgency to get the individual to act without thinking.
Protect yourself by learning to recognize, avoid, and report phishing scams. You can do your part to protect the university community by sharing information with others about the following scams.
Remember to report phishing and suspicious emails or messages to [email protected].
Login Theft Scams
Scammers send a phishing email about a party invite or a document to review, then trick you into entering your U-M login credentials into a fake login form/page. They steal your login credentials. With this access, scammers can redirect your paycheck deposit, redirect financial aid payments, and more.
How to Protect Yourself
- Only enter your uniqname and U-M password on the official U-M Weblogin screen (weblogin.umich.edu) or UM-managed Microsoft Office 365.
- Do not enter Duo passcodes into any forms other than the official Duo screen.
- Do not share Duo verification codes or passcodes, or accept Duo push notifications unless they are initiated by you or requested by the ITS Service Center to verify your identity when you call for support.
See Login Theft Scams on Safe Computing for more information.
Job Offer Scams
In this scam targeting students, threat actors send legitimate-looking emails impersonating U-M faculty/departments attempting to lure them with job offers. They use sophisticated tactics to scam them out of money with fake check overpayments, or they try to steal your personal information.
How to Protect Yourself
- Do not reply.
- Look for signs that the email is fraudulent. See Spot Phishing & Scams for more details.
- Verify the sender's identity.
- Do not reply through a suspicious message or by using the contact information provided in it.
- Look up that sender's contact information in the MCommunity directory, then email or call them yourself using directory information.
- Verify their identity even if they are someone you know, but the message seems suspicious.
See Job offer scams on Safe Computing for more information.
Housing Scams
This scam targets students and starts with an email impersonating a U-M Housing staff member requesting that the recipient complete a housing contract and send payment. It refers to the Regents of the University and uses other tactics to appear legitimate.
How to Protect Yourself
- Do not reply. If you receive a suspicious message that appears to be from someone at U-M, view Spot Phishing and Scams for tips on recognizing scams.
- Verify and Contact. If there are no obvious signs of phishing but the email content is suspicious (offers of jobs you have not applied for, or from someone you do not know), look up that sender's contact information in the MCommunity directory and email or call them yourself instead of using the reply-to in email or the information provided in the email.
See Housing Scams on Safe Computing for more information.
See Phishing & Scams on Safe Computing for information on what to do if you think you are a victim of a scam.