NOTICE: Phishing at U-M continues to increase

Tuesday, March 1, 2016

The message below was sent to the U-M IT Security Community on March 1, 2016.


We continue to see large numbers of phishing emails —at times thousands per day— targeting the U-M community as outlined in our February 25 message to the U-M community (Take action to avoid online scams and tax fraud). We would appreciate your help in reminding users in your areas to beware of these fraudulent emails and the fraudulent login pages they link to. Below is information you can share with others.

Beware of Shared Documents

A number of recent phishing attempts include links to Google docs or forms, Dropbox documents, or other shared documents. Many others contain attached documents. The emails may appear to be from someone you know (where the "From" address has been forged) or may be from the compromised email account of someone you know. In some cases, if you open the document or click the website link, you are prompted for your password or other personal information, such as phone number. This information is then stolen. (See samples: Access Documents, You have two message's from your Admin., Wolverine Access).

  • Check links in emails before clicking them. Hover over the link with your mouse to reveal the URL. On a touch-screen device, you can usually touch and hold down the link to reveal the full URL.
  • Check before opening email attachments. If the message seems at all suspicious, don't open the attachment. The sender address may be forged and the attachment malicious. Contact the person the message appears to be from, via phone or in person, to ask if they sent the message or not.

Check URLs Before Entering Passwords

Check the address or URL on login screens before entering your password. On the U-M Weblogin screen, check that it begins with https://weblogin.umich.edu/ before entering your UMICH (Level-1) password.

Email Warnings from IT User Advocate Are Legitimate

When logs show that a large number of people at U-M received a particular phishing email, the User Advocate sends them an email warning alerting them to the phishing email and urging them to contact the ITS Service Center if they were a victim (that is, they both visited the site AND entered their U-M email address and UMICH (Level-1) password into the form or webpage).

Check Safe Computing for Recent Phishing Alerts

Did you or someone you know receive a suspicious email? Check the Recent Phishing Messages at U-M list at Spam, Phishing, and Suspicious Email. New phishing attempts at U-M are listed there as they are reported.

Resources to Share