Two new Phishing emails targeting U-M and UMHS communities

September 22, 2015  //  FOUND IN: Updates & Resources

Phishing emails continue to circulate through University and the Health System, including these:

Mirlyn Phishing Email (Mirlyn is the U-M Library catalog, including Taubman Health Sciences Library)

This email has “Catalog (Mirlyn)” in the subject line and claims to be from the University of Michigan Library. It tells recipients that their access to Mirlyn will expire soon and that they will lose access to library resources unless they re-activate their account (see Mirlyn phishing email). Recipients are directed to a web page and are asked to provide their password.

Google Docs and Dropbox Phishing Emails

A number of recent phishing attempts include links to Google docs or forms, Dropbox documents, or fraudulent webpages. The emails may appear to be from someone you know (a forged “From” address), or they may be from the compromised email account of someone you know. In some cases, if you open the document or click the website link, you are prompted for your password or other personal information.

First and foremost, know that the University of Michigan and the University of Michigan Health System will never ask you via email to provide any information, such as your password, in order to manage, verify, or maintain access to your U-M resources.

It is also important that you understand and use these IT security best practices:

  • Be cautious of links in unsolicited emails.
  • Do not enter personal or private information in Google Forms.
  • If you suspect you’ve fallen victim to one of these scams, you should change both your UMICH Level-1 and Level- 2 passwords. You can do this yourself by going to this U-M secure link:, or you may call your IT Service Desk to assist you with changing your passwords.
    • MCIT: 936-8000
    • MSIS: 763-7700

See the original Mirlyn alert message here. Visit the U-M Safe Computing website page, Spam, Phishing, and Suspicious Email, to learn more about this type of scam.

Please share this information with coworkers and students.