NOTICE: Watch for phishing emails impersonating payroll office

Friday, July 10, 2020

A number of people at U-M have reported receiving a phishing email that claims to be from the U-M Payroll Office following up about a payroll error. This is a scam. The emails are not from the Payroll Office.

About the phishing emails

The phishing emails (see phish example) seen so far:

  • Are from non-university addresses.
  • Have a subject line of "I need assistance" or something similar.
  • Ask the recipient if they received a previous message about a payroll error.
  • End with a signature line of a non-existent person and the address of the U-M Payroll Office. 

These emails are designed to get the recipient to reply out of concern about a possible payroll error. The scammer may then follow up and request personal information such as passwords, direct deposit details, and more in order to "fix" the nonexistent error.

Do not reply

  • Do not reply to the email. See How to Spot a Spoof for clues to help you identify a forged or misleading sender address.
  • Do not provide personal information in response to an email message.
  • Verify by another method. If you are unsure about a particular message, contact the apparent sender by a method other than replying to see if the message is legitimate. You might look them up in the MCommunity Directory and use the email address or phone number listed there, for example.
  • Learn more about phishing at Phishing & Suspicious Email.

What U-M does to address phishing

  • Providers of email used at U-M (Google Mail, Michigan Medicine Exchange) routinely block spam and phishing attacks, but can never block all potential phishing email.
  • ITS Information Assurance (IA) staff routinely report malicious senders to the appropriate service providers (such as Google, Yahoo, and so on). The service providers can then shut down the offending accounts.
  • IA shares and uses threat intelligence from across the Big Ten Academic Alliance to block known malicious websites and addresses.