Compromised U-M accounts being used to send spam

Spammers are using dozens of compromised UMICH accounts to send spam emails. IIA is investigating. No U-M systems have been compromised. Rather, it is likely that the owners of the compromised accounts were the victims of earlier phishing attacks or password-stealing malware. If you suspect your account has been compromised, change your UMICH password immediately.

How to Tell If Your Account Is Compromised

  • You are getting lots of bounce notices. That is, you are getting notices that messages sent from your account—messages that you did not send—were undeliverable. (Sample Inbox list of bounced spam messages.) Some of the spam messages are in foreign languages.
  • You see a lot of sent messages in your account that you did not send.
  • Your friends and colleagues tell you that they are receiving email from you that is in French and that they suspect you did not send.
  • In some cases, Google is disabling M+Google accounts due to this malicious activity.

What to Do If Your Account Is Compromised

  • Change your UMICH password immediately at UMICH Account Management. See Choosing and Changing a Secure UMICH Password for instructions.
  • If you are using the same password on other sites or for any other accounts, change the password for these as well—especially sites where your UMICH email address is the login ID. Do not use your UMICH password for any non-U-M account or website.
  • As a precaution, check your M+Google Mail settings to make sure none of them have been changed. In particular, check the delegation, mail forwarding, and mail filter settings.