U-M hit by email scams to collect personal information

June 8, 2015  //  FOUND IN: Updates & Resources

More than 150 people at the University of Michigan have fallen victim to phishing emails, and revealed personal information such as names, dates of birth, Social Security numbers, UMICH passwords, and more this week.

Scammers are setting up fake Google Forms and sending phishing emails that link to the forms. Information and Technology Services is taking steps to deal with the attacks including working with victims, and taking down the fake Google Forms as they are discovered.

The U-M community is strongly advised to be cautious when reading and responding to email, and to be alert to these two scams:

• Internal Revenue Service Information Validation — These emails, which appear to come from the IRS, ask people to validate personal information, such as a Social Security number, by entering it into a Google Form. The information is being collected by criminals. (IRS scam example)

• Academic Publishing — These emails, which appear to come from real faculty at other institutions, ask U-M faculty to share articles by clicking links that require a login to get to online copies of the articles. The login page is a fake that steals the faculty member's uniqname and UMICH password. (Academic publishing scam example)

What to do

• Before clicking any link in email, hover over it with your mouse to help you see where it is really going. See What to Watch for: Phishing Examples.

• Do not enter private personal information in Google Forms.

• If you suspect you've been caught by one of these scams, change your UMICH password and contact the ITS Service Center to let workers there know your account may have been compromised.

• Learn more about phishing at Spam, Phishing, and Suspicious Email.

• Refer to Safe Computing for updates.