Recognize Spam, Phishing, or Suspicious Emails

Environment

U-M Google, Gmail, @umich.edu/UMICH email address

Issue

  • Is this email to my UMICH email account legitimate? Fraudulent?
  • Is this a scam, spam, or a phishing attack?
  • I received an email asking to verify my account. Is this real?

Resolution

Phishing messages can be very clever and will pretend to be related to University of Michigan people or services by using our logo or other terminology. Below are the steps to take if you receive a suspicious email.

  1. Read the message thoroughly and carefully​​​​​​.
  2. Examine the email for the following characteristics to determine if it is a phishing message:
    • Does the email ask you to visit an external site and log in with your UMICH username/uniqname and password? 
    • Does it use language designed to inspire anxiety or urgency? (e.g., "Act Now," "Final Chance," etc.)
    • Does it use poor grammar or spelling?
    • Hover over the link in the email:
      • Does it go to a legitimate website?  If not, beware.
      • Does the link text match the URL? If not, beware.
  3. If you determine it is a phishing message, report it to Google using the Report phishing option in Gmail.
    1. Click the three-dots icon next to the reply icon in the top right corner when viewing the suspicious message.
    2. Select Report phishing. This will apply the spam label to the email and add the sender's email address to Blocked Addresses in your Gmail settings.
  4. Check if it has already been reported to the ITS Security team by checking the Phishing Alerts on the Safe Computing site.
    • If the phish hasn't been reported, forward it to reportphish@umich.edu.
      • Note: Please do not forward ordinary spam to this email (i.e., no mention of account credentials).
    • Include a list of the actions that you took (e.g., did/didn't click any links, reported it to Google, etc.).
    • It's extremely helpful if you can include a screenshot of any forms that request your information, along with the URL for those forms.

Refer to the Safe Computing site for more information.

Additional Information

Need additional information or assistance? Contact the ITS Service Center.

Print Article

Related Articles (4)

Google: Block or Unsubscribe from Sender Emails
This article provides information on blocking an email sender or unsubscribing from that sender's emails in U-M Google Mail (Gmail).
Google: Legitimate Email Identified as Spam/Dangerous
This article provides information on issues with legitimate emails being detected as spam or dangerous in U-M Google Mail (Gmail).
Google: Mark/Unmark Email as Spam
This article provides instructions for marking/unmarking email as spam in Gmail.
Google: Spam and Phishing Calendar Events
This article provides information and tips for preventing automatically generated spam and phishing events in your U-M Google Calendar.

Related Services / Offerings (1)

ITS-Google at U-M
This service is software bundle that includes the core Google Apps of Email, Calendar, Docs, Sites, Contacts, and Chat as well as over 40 other apps designed to improve collaboration.