ADVISORY: Update - Spread awareness of recent phishing scams
Wednesday, June 8, 2022
This Advisory was updated on June 8, 2022, to include a Michigan Medicine recruiter scam that is targeting medical professionals in foreign countries.
The following message is intended for U-M IT leadership and Security Unit Liaisons.
Help spread awareness of recent phishing scams
A variety of widespread phishing emails are hitting higher ed and the U-M community. These include:
- Emails that impersonate faculty and target students with fake job offers. See: Phishing Alert: Fraudulent Job Offers Impersonating U-M Faculty
- Emails to staff that contain PayPal invoices for fake purchases. See: Phishing Alert: PayPal Invoice Scam (subjects may vary)
Scammers use publicly available directory information to obtain U-M email addresses of students, faculty, and staff. They also use online tools to make their emails look more sophisticated, such as a publicly available PayPal invoice generator.
Please be aware of these ongoing scams and share the information below with staff, faculty, and students in your units and departments.
A variety of widespread phishing emails are hitting higher ed, and the U-M community. Please be aware of these ongoing scams and protect yourself and the university.
What to Watch Out For
This scam starts with an email impersonating a U-M professor offering job opportunities within various U-M departments. Once contacted the scammer will often ask you to purchase equipment and deposit a check for reimbursement. Some tricks used to make the email look legitimate include:
- The email is personalized with the name of the recipient in the greeting.
- The "from" field contains the name of an actual U-M professor. The email may use the name, title, contact information of the real faculty member in the signature or other areas. The sending email address may be spoofed.
- An email address that looks close to a real U-M address may be used. Example: if the real professor is email@example.com, the fake account would use firstname.lastname@example.org. A "reply to" may be set to send replies to a non-UM account. Always check the reply-to field before replying to email. Generally, legitimate email from an individual will have matching reply-to and from addresses.
This scam begins with a phishing email that contains a PayPal invoice for a fake purchase. Beware of invoices for purchases you have not made or requests to act immediately to make payment or reverse payment. If you receive an invoice you suspect to be a scam or for a purchase you don't recall making:
- Do not pay and do not respond using links or phone numbers in the email. If you call the phone number in the email, a scammer impersonating “PayPal Support” may attempt to induce you to give up sensitive financial information, or visit a non-Paypal web site, to download and install software to allow them to control your computer.
- Go to your PayPal account (do not use links in the email!) and look at your purchase history to verify you haven't been fraudulently billed.
- If you have been fraudulently billed go to PayPal’s Resolution Center at paypal.com/disputes/ and report the fraud immediately.
This scam starts with a text message impersonating an HR Director recruiting medical professionals outside of the U.S. for jobs at Michigan Medicine. Once contacted, the scammer will often ask the individual to submit payment for a competency exam. Some tricks used to make the job offer look legitimate and attractive include:
- After the scam recruiters receive the individuals’ addresses, they mail paper forms that have U-M branding and Michigan Medicine addresses.
- The forms sent to the individuals ask for their signatures and other personal information. The forms also state that U-M management will cover the cost of Visas and flights to the U.S.
Questions, concerns, reports
Please contact ITS Information Assurance through the ITS Service Center.
- Beware of Fraudulent Job Offers (Division of Public Safety & Security)
- Phishing Alert: PayPal Invoice Scam (subjects may vary) (Safe Computing)
- Phishing Alert: Fraudulent Job Offers Impersonating U-M Faculty (Safe Computing)
- Want to work from home? Spot the scams first (Federal Trade Commission)
- Scam alert: watch for fake PayPal invoices (University at Buffalo IT)
- Spotting Fraudulent Employers/Postings (Career Center)
- Notice: Watch for student work-from-home scams (Safe Computing)
- Tutoring Overpayment Scams (Safe Computing)
- Job Scams (Federal Trade Commission)
- How to Spot, Avoid and Report Fake Check Scams (Federal Trade Commission)
- Cyber Criminals Use Fake Job Listings To Target Applicants' Personally Identifiable Information (FBI)
- Employment Scam Targeting College Students Remains Prevalent (FBI)