NOTICE: Watch for vishing emails about Booking confirmation for flight

Tuesday, August 31, 2021

A number of people at U-M have reported receiving an email that claims a flight has been booked for them and asks them to contact the sender by phone to complete their trip information. This is a part of a vishing scam.

About the vishing emails

The vishing emails (see example) seen so far:

  • Are from non-university addresses with a display name of “Flight details.”

  • Have a subject line of "Booking Confirmation" or something similar.

  • Provide billing information and ask the recipients to contact the sender by phone to complete their trip information.

These emails are designed to get the recipient to call the phone number provided in the email regarding a possible flight booking error that appears to be billed to a credit card. If contacted by phone, the scammer may request personal information such as passwords and more in order to "fix" the nonexistent flight booking.

Do not reply

  • Do not reply to the email or call the sender at the provided phone number. See How to Spot a Spoof for clues to help you identify a forged or misleading sender address.

  • Do not provide personal information in response to an email message or phone request.

  • Verify by another method. If you are unsure about a particular message, contact the apparent sender by a method other than replying to the contact information provided in the message.

  • Learn more about phone scams at Phone Scams and Voice Phishing (Vishing).

  • Learn more about phishing at Phishing & Suspicious Email.

What U-M does to address phishing and vishing email

  • Providers of email used at U-M (Google Mail, Michigan Medicine Exchange) routinely block spam and phishing attacks, but can never block all potential phishing email.

  • ITS Information Assurance (IA) staff routinely report malicious senders to the appropriate service providers (such as Google, Yahoo, and so on). The service providers can then shut down the offending accounts.

  • IA shares and uses threat intelligence from across the Big Ten Academic Alliance to block known malicious websites and addresses.