Body
Environment
University of Michigan
Issue
- Is this email to my UMICH email account legitimate? Fraudulent?
- Is this a scam, spam, or a phishing attack?
- I received an email asking to verify my account.
Resolution
Phishing messages can be very clever and will pretend to be related to University of Michigan people or services by using our logo or other terminology.
- Read the message thoroughly and carefully
- Examine the email for the following characteristics to determine if it is a phishing message:
- Does the email ask you to visit an external site and log in with your username and password?
- Does it use language designed to inspire anxiety or urgency?
- "Act Now" or "Final Chance" or "similar
- Does it use poor grammar or spelling?
- Hover over the link in the email
- Does it go to a legitimate website? If not, beware
- Does the link text match the URL? If not, beware
- If you determine it is a phishing message, report the phish to Google by using the report phishing option within Gmail.
-
- Click the three vertical dots icon next to the Reply icon when viewing the suspicious message
- Choose Report Phishing
- Check to see if it has already been reported to our Security team by checking the Phishing Alerts section on the safecomputing.umich.edu homepage.
-
- If the phish hasn't been reported, forward it to reportphish@umich.edu.
- Include a list of the actions that you took (did or did not click any links, reported it to Google, etc)
- NOTE: Please do not forward:
-
- Ordinary Spam (no mention of account credentials)
- External messages not sent by someone-anyone@umich.edu (like PayPal, a bank, etc)
- Do work with these separate organizations to determine how to proceed if you do have phishing concerns with their services
Additional Information
See the Safe Computing website (safecomputing.umich.edu/) for more information.
Need additional information or assistance? Contact the ITS Service Center.