ALERT: Phishing scams targeting W-2s for tax fraud

Friday, January 20, 2017

We are seeing victims at U-M of new phishing scams targeting W-2 forms in Wolverine Access. Information from stolen W-2 forms can be used to file fraudulent tax returns. U-M is not alone in seeing these scams. Tax fraud and related phishing are widespread every year during tax season.

We urge all members of the U-M community to:

How People Are Being Victimized

  • People receive phishing email (see samples at Phishing Alerts) claiming to direct them to a Wolverine Access page to view changes to their paystub information and download their W-2 forms. These emails are often customized with the recipient's name.
  • When the message recipient clicks the link, they are directed to a fake Weblogin page. The only way to identify that the page is a fake is the address or URL (see Look Before You Login).
  • When the recipient enters their uniqname and UMICH password, they are stolen.
  • The stolen login credentials were then used to log in to the real Wolverine Access and used to download the victim's W-2 form.
  • Information from that form can be used to file a fraudulent tax return.

What Victims Should Do

  • Change your UMICH (Level-1) password immediately to stop the criminals from getting into your account.
  • Turn on two-factor for Weblogin to prevent criminals from getting into your account with a stolen password. With two-factor, you are notified when someone tries to log in to your U-M account via Weblogin.
  • Report the account compromise to the ITS Service Center. This allows ITS staff to check your account for signs of unauthorized logins and other criminal activity.

Learn About Tax Fraud and Phishing


This information was sent to the IT Security Community and Frontline Notify groups on January 20, 2017.