Please inform your unit staff, student advisors, and faculty about the risks of phishing attempts, as compromised accounts can lead to further scams and unauthorized access to university resources.
This message is intended for U-M IT staff who help support faculty, staff, and students.
Help spread awareness of recent phishing attempts urging users to verify accounts
Be aware and help spread awareness of ongoing phishing scams that:
- Urge users to verify their accounts to prevent them from being deleted
- Attempt to get users to log in with U-M credentials to a fraudulent Google Form
- May come from compromised U-M accounts
Please share this information with your unit staff, student advisors, and faculty. Users who fall victim to these phishing attempts may have their accounts compromised, which could be used to perpetuate the scam with emails to more people, as well as gaining unauthorized access to university resources.
Phishing Email Example
Subject: Email Account VerificationThis is the last time we will notify you that we'll stop processing incoming emails in your school account, and the reason is you failed to verify your Google account which may lead to the permanent deletion of your account from our database in the next few hours. Kindly take a minute to complete our email verification below. If the above links do not work, please copy and paste the following URL into a Web browser: ( Google Forms URL redacted )
If you only have one Google Office 365 account, only fill in the only account. and fill " None; Nil; NA " in the rest space
Important Notice- Account disconnection will take place today.
Thank You
©2024 Microsoft Corporation
Information for Users
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Scams, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.
Don't share Duo passcodes with others. If you receive a Duo push when you are not trying to log in, click “Deny” and report it as fraud in Duo.