NOTICE: Phishing scam mimics Google sign-in page

Tuesday, September 27, 2016

Hello IT Security Community and Frontline Notify,
We are seeing a repeat of a phishing email at U-M that directs message recipients to a page that mimics the Google login page. Please share this information with people in your units and remind them to check the URL of a webpage before entering their UMICH (Level-1) password or any other account credentials.

Both instances of this phishing email warned users their account would be closed if they did not provide missing information, included U-M logos, and appeared to be from U-M. Both included a URL that looked like a U-M URL. However, hovering over the URL with a mouse (or tabbing to it) revealed it to be a non-university URL. Those who clicked the suspicious link were taken to a page that resembles the Google sign-in page but has a non-Google URL.

The User Advocate followed up with individualized warnings to all those who received the phishing emails. We have set up a network block to the malicious website for U-M networks. This means that people using U-M networks are unable to access the malicious site. However, people using their home networks or public WiFi are not protected by this block.

Please remind those you work with to always check the URL of a web page before logging in or providing personal or account information.

Information and Infrastructure Assurance