Open Enrollment is prime time for phishing attacks

October 28, 2015  //  FOUND IN: Updates & Resources

The University’s open enrollment period for 2016 benefits began October 26 and runs through November 6, making this prime time for fraudsters to launch phishing scams disguised as official-looking “Open Enrollment” messages.

Open enrollment scams usually involve emails that look like “real” benefits communications from an employer, but that instead direct the user to a fake web portal designed to collect personal information that can be used to commit fraud. The scammers have gotten so good at phishing that the fake emails often look identical to official communication, including logos. However, a closer look reveals that the email contains an incorrect URL for the university's employee portal.

So remember – If you receive an email that looks suspicious, it probably is.  Do not open attachments or click on links that look suspicious. 

U-M will NEVER ask students, faculty or staff to confirm their identity, or provide confidential or personal information by email, nor will any other reputable institution such as a bank or retailer.

If you believe that you have fallen for a phishing attack, immediately change both your Level 1 and Level 2 passwords and contact your IT service provider (MCIT at 936-8000 or MSIS at 763-7770). 

Want more information?


Watch a short video that describes the threat of spear phishing and explains what we can do to protect ourselves and the university:  Video: Protect Yourself & the University from Spear Phishing

Attend the November 17 Quality Improvement and Compliance-sponsored brown bag, Don’t Be Phish Food; learn more about phishing and test your savvy using a phishing simulation.