NOTICE: Mirlyn and other phishing scams targeting U-M community

Wednesday, September 16, 2015

This information was sent to the IT Security Community and Frontline Notify groups on September 16, 2015.

Hello IT Security Community and Frontline Notify (FLN),

We are seeing a number of phishing emails targeting the U-M community and would appreciate your help in reminding users in your areas to beware of these fraudulent emails. Below is information you can share with others.

Samples of Recent Phishing Emails

Mirlyn Phishing Email

One phishing email that was sent to a number of people at U-M yesterday had a subject line of "Catalog (Mirlyn)" and claimed to be from the University of Michigan Library. It told recipients that their access to to Mirlyn would expire soon and they would lose access to library resources unless they re-activated their account (see Mirlyn phishing email). Recipients were directed to a web page and asked to provide their password. The webpage was actually stealing passwords and had nothing to do with Mirlyn or the U-M Library.
Do not click suspicious links in email. U-M will not threaten you with loss of access if you do not validate or reactivate your account. Access to your U-M account is based on your affiliation with the university, not whether you validate or update something.

Google Docs and Dropbox Phishing Emails

A number of recent phishing attempts include links to Google docs or forms, Dropbox documents, or fraudulent webpages. The emails may appear to be from someone you know (that is, the "From" address has been forged) or may be from the compromised email account of someone you know. In some cases, if you open the document or click the website link, you are prompted for your password or other personal information, such as phone number. This information is then stolen. (See samples: Dropbox phish, Google Docs phish, Google Drive phish)
Do not open email attachments or online documents unless you are expecting access to them and they are from people you trust. Do not provide personal information in online documents or on webpages unless necessary and you have verified that the website is legitimate.

Check Safe Computing for Recent Phishing Attempts

Did you or someone you know receive a suspicious email? Check the Recent Phishing Messages at U-M list at Spam, Phishing, and Suspicious Email. New phishing attempts at U-M are listed there as they are reported. You'll see that three phishing messages were reported yesterday at U-M.

Anti-Phishing Advice

  • Be aware that U-M won't ask you to validate your account or provide your password in email.
  • Do not click suspicious links in email. Hover over links with your mouse to see the actual URL you are being directed to. (See What to Watch for: Phishing Examples.)
  • Do not open email attachments or click links to online documents unless you are expecting them and trust the person who sent them. If the email seems suspicious, contact the person it is from and ask if they sent it. Email addresses can be forged, and the email may not really be from the person listed on the "From" line.
  • If you think you think you may have given your password to phishers or been fooled by a phishing email, change your UMICH password immediately (at and contact the ITS Service Center so that ITS staff members can check your account for compromise.


Everyone is busy at the start of a new term, and it is easy to get distracted and click a suspicious link. Please remind users in your areas to stay alert and not be fooled by phishing scams.

ITS Information and Infrastructure Assurance