ALERT: Take action to avoid online scams and tax fraud

This message was sent via email to faculty, staff, and students on the U-M Ann Arbor campus on February 25, 2016. It was also sent to a number of email groups at the U-M Health System.

Hello U-M Ann Arbor faculty, students, and staff,

Phishing, identity theft, and data breach headlines confront us every day. Attackers increasingly target universities and healthcare systems. Take these actions to protect university data and systems, as well as your own personal information.

Take Action

• Check links in emails before clicking them. Hover over the link with your mouse to reveal the URL. On a touch-screen device, you can usually touch and hold down the link to reveal the full URL.
• Check the address or URL on login screens before entering your password. On the U-M Weblogin screen, check that it begins with https://weblogin.umich.edu/ before entering your UMICH (Level-1) password.
• Check before opening email attachments. If the message seems at all suspicious, check with the sender before opening the attachment. The sender address may be forged and the attachment malicious.

Avoid these Scams

• Tax fraud. Criminals can file fraudulent tax returns in your name—and steal your tax refund. They may attempt identity theft through emails claiming false problems with your return or tax documents.
• Phishing. An increase in phishing messages sent to members of the U-M community. These emails ask you to take an action that reveals your password or other information.
• Shared documents. Phishing emails that claim to share U-M documents but that lead to fraudulent login pages instead.
• Ransomware. Attackers distribute malicious software—typically through malicious email attachments or web links—that locks up data and devices, then they charge ransom to unlock them. Several hospitals have been victimized in recent weeks.

Learn More

U-M's Safe Computing website has numerous resources to help you, including these.

• 5 Tips to Avoid Online Tax Fraud
• Shared Document Emails Can Be Traps
• Look Before You Log In
• What to Watch for: Phishing Examples
• Protect Yourself & the University from Spear Phishing (4-minute video)
• Spam, Phishing, and Suspicious Email
• IT Security News Articles (ransomware, privacy, and more)

A few extra seconds spent checking before you click can save you hundreds of hours undoing the damage of identity theft and help to protect the university's sensitive data and good reputation.

Sincerely,

Don
Donald J. Welch, Ph.D.,
Chief Information Security Officer
University of Michigan

For Assistance or Questions

Contact the appropriate help desk for your campus.

Ann Arbor Campus

• ITS Service Center: 734-764-HELP (764-4357) or [email protected]

U-M Health System

• UMHS Service Desk: 734-936-8000