Update - Spread awareness of recent phishing scams

This Advisory was updated on June 8, 2022, to include a Michigan Medicine recruiter scam that is targeting medical professionals in foreign countries.

The following message is intended for U-M IT leadership and Security Unit Liaisons.

Help spread awareness of recent phishing scams

A variety of widespread phishing emails are hitting higher ed and the U-M community. These include:

Scammers use publicly available directory information to obtain U-M email addresses of students, faculty, and staff. They also use online tools to make their emails look more sophisticated, such as a publicly available PayPal invoice generator.

Please be aware of these ongoing scams and share the information below with staff, faculty, and students in your units and departments.


A variety of widespread phishing emails are hitting higher ed and the U-M community. Please be aware of these ongoing scams and protect yourself and the university.

What to Watch Out For

Student job scams

This scam starts with an email impersonating a U-M professor offering job opportunities within various U-M departments. Once contacted, the scammer will often ask you to purchase equipment and deposit a check for reimbursement. Some tricks used to make the email look legitimate include:

  • The email is personalized with the name of the recipient in the greeting.
  • The "from" field contains the name of an actual U-M professor. The email may use the name, title, and contact information of the real faculty member in the signature or other areas. The sending email address may be spoofed.
  • An email address that looks close to a real U-M address may be used. Example: if the real professor is [email protected], the fake account would use [email protected]. A "reply-to" address may be set to send replies to a non-UM account. Always check the reply-to field before replying to an email. Generally, legitimate email from an individual will have matching reply-to and from addresses.

If you receive a message with obvious signs of a scam, do not reply to it or click on any links in it, and immediately report it to [email protected] by following these guidelines.
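The header checks described above (reply-to differing from the sender, a staff name on an outside address, a near-miss of a real address) can be automated for triage. The following is an added example, not part of the original advisory; the domain `example.edu`, the directory entry, the warning labels, and the sample messages are constructed placeholders.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.edu"  # assumption: placeholder for the institution's mail domain
# Constructed directory entry: display name -> real address (not a real person).
KNOWN_STAFF = {"Pat Example": "pexample@example.edu"}

def in_org(addr):
    """True if the address is in the organisation's domain or a subdomain of it."""
    domain = addr.rpartition("@")[2].lower()
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def header_warnings(raw_message, known_staff=KNOWN_STAFF):
    """Return warning labels for one message, based only on From and Reply-To."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    warnings = []
    # Replies would go somewhere other than the visible sender.
    if reply_addr and reply_addr != from_addr:
        warnings.append("reply-to-mismatch")
        if in_org(from_addr) and not in_org(reply_addr):
            warnings.append("reply-to-outside-org")
    # A known staff member's display name on an address outside the organisation.
    names = {n.lower() for n in known_staff}
    if from_name.strip().lower() in names and not in_org(from_addr):
        warnings.append("staff-name-on-outside-address")
    # Address that is close to, but not the same as, a real directory address.
    for real in known_staff.values():
        ratio = SequenceMatcher(None, from_addr, real.lower()).ratio()
        if from_addr != real.lower() and ratio >= 0.85:
            warnings.append("lookalike-address")
            break
    return warnings

# Constructed sample messages; only the headers matter here.
LEGIT = 'From: "Pat Example" <pexample@example.edu>\nSubject: Office hours\n\nHi.'
SPOOFED = ('From: "Pat Example" <pexample@example.edu>\n'
           'Reply-To: pat.example.hr@mail.example.net\nSubject: Job offer\n\nHi.')
LOOKALIKE = 'From: "Pat Example" <pexample@examp1e.edu>\nSubject: Job offer\n\nHi.'

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)]:
        print(label, header_warnings(raw))
```

A spoofed "from" address with no reply-to set produces no warning here; that case needs the receiving server's sender authentication results rather than these two headers.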

PayPal invoice scams

This scam begins with a phishing email that contains a PayPal invoice for a fake purchase. Beware of invoices for purchases you have not made or requests to act immediately to make payment or reverse payment. If you receive an invoice you suspect to be a scam or for a purchase you don't recall making:

  • Do not pay and do not respond using links or phone numbers in the email. If you call the phone number in the email, a scammer impersonating “PayPal Support” may attempt to induce you to give up sensitive financial information, or to visit a non-PayPal website and download and install software that allows them to control your computer.
  • Go to your PayPal account (do not use links in the email!) and look at your purchase history to verify you haven't been fraudulently billed.
  • If you have been fraudulently billed, go to PayPal’s Resolution Center at paypal.com/disputes/ and report the fraud immediately.

Michigan Medicine recruiter scams

This scam starts with a text message impersonating an HR Director recruiting medical professionals outside of the U.S. for jobs at Michigan Medicine. Once contacted, the scammer will often ask the individual to submit payment for a competency exam. Some tricks used to make the job offer look legitimate and attractive include:

  • After the scam recruiters receive the individuals’ addresses, they mail paper forms that have U-M branding and Michigan Medicine addresses.
  • The forms sent to the individuals ask for their signatures and other personal information. The forms also state that U-M management will cover the cost of visas and flights to the U.S.

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.
