NOTICE: Beware of emails with links to orders or invoices

Thursday, May 11, 2017

We have seen a flurry of fraudulent emails at U-M in recent days with subject lines that include an invoice number or an order number and that appear to come from a U-M sender, often someone the recipient knows. If the recipient clicks the link in the message, a malicious file is downloaded. The recipient's contacts list may then be used as a source of senders for similar fraudulent email.

Do not click links to orders or invoices unless you are expecting them. Look carefully at all links in emails. If you aren't sure a link is legitimate and safe, don't click.

  • IA has blocked the website that is hosting the malicious software download.
  • As anti-virus software is updated to recognize the malicious downloads, it should discover and remove the download if message recipients clicked the fraudulent link.

To protect yourself from these and other fraudulent emails:

  • Check the phishing alerts on Safe Computing. Information Assurance staff members post fraudulent emails reported to them that are being received by multiple members of the U-M community.
  • Hover over links in emails with your mouse to see the actual destination. Most email programs, including web access to U-M Google Mail, show the URL in the bottom left corner of the window when you hover over a link. Check whether the URL matches the link in message text. If the message claims to be about the university, look to see if the URL looks like other university URLs you are familiar with.
  • If the URL doesn't look right, don't click it! The URL in the recent emails, for example, is clearly not a U-M web address.
  • Double check. If you are suspicious of a link or attachment, don't click. Check with the sender by phone or in person to see if they actually sent the message.
  • Learn more about fraudulent emails at Phishing & Suspicious Email.