ADVISORY: Spread awareness of recent phishing scams

Thursday, May 12, 2022

This message is intended for U-M IT leadership and Security Unit Liaisons.

Help spread awareness of recent phishing scams

A variety of widespread phishing emails are hitting higher ed and the U-M community. These include:

Scammers use publicly available directory information to obtain U-M email addresses of students, faculty, and staff. They also use online tools to make their emails look more sophisticated, such as a publicly available PayPal invoice generator.

Please be aware of these ongoing scams and share the information below with staff, faculty, and students in your units and departments.


A variety of widespread phishing emails are hitting higher ed, and the U-M community. Please be aware of these ongoing scams and protect yourself and the university.

What to Watch Out For

Student job scams

This scam starts with an email impersonating a U-M professor offering job opportunities within various U-M departments. Once contacted the scammer will often ask you to purchase equipment and deposit a check for reimbursement. Some tricks used to make the email look legitimate include:

  • The email is personalized with the name of the recipient in the greeting.
  • The "from" field contains the name of an actual U-M professor. The email may use the name, title, contact information of the real faculty member in the signature or other areas. The sending email address may be spoofed.
  • An email address that looks close to a real U-M address may be used. Example: if the real professor is bjenson@umich.edu, the fake account would use bjenson.umich.edu@gmail.com. A "reply to" may be set to send replies to a non-UM account. Always check the reply-to field before replying to email. Generally, legitimate email from an individual will have matching reply-to and from addresses.

If you receive a message with obvious signs of a scam, do not reply to it or click on any links in it and immediately report it to ReportPhish@umich.edu by following these guidelines.

PayPal invoice scams

This scam begins with a phishing email that contains a PayPal invoice for a fake purchase. Beware of invoices for purchases you have not made or requests to act immediately to make payment or reverse payment. If you receive an invoice you suspect to be a scam or for a purchase you don't recall making:

  • Do not pay and do not respond using links or phone numbers in the email. If you call the phone number in the email, a scammer impersonating “PayPal Support” may attempt to induce you to give up sensitive financial information, or visit a non-Paypal web site, to download and install software to allow them to control your computer.
  • Go to your PayPal account (do not use links in the email!) and look at your purchase history to verify you haven't been fraudulently billed.
  • If you have been fraudulently billed go to PayPal’s Resolution Center at paypal.com/disputes/ and report the fraud immediately.

Questions, concerns, reports

Please contact ITS Information Assurance through the ITS Service Center.