Alert: Google Chrome verification begins today
Beginning today, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser. Members of the U-M community who encounter this when logging in to Google at U-M may be surprised and wonder whether it is safe to follow the Google prompts.
Please be advised that it is safe to complete the Google Chrome verification process.
What Chrome users will see
When you log in to your Google at U-M account using the Chrome web browser, you will see an additional request from Google asking you to verify your identity. You will not see this screen when using other web browsers.
- From Google Chrome, log in to Google at U-M. You will be directed to the U-M Weblogin page to log in with your uniqname and UMICH (Level-1) password.
- Instead of getting into Google at U-M immediately, you will see a Google Verify it’s you screen asking you to verify your email address.
- Check that the address is indeed your U-M email address in the form of firstname.lastname@example.org (where youruniqname has been replaced with your actual uniqname).
- If the address is correct, click Continue. If you do not recognize the address, contact the ITS Service Center.
Why Google is doing this
According to Google, “This new screen is intended to prevent would-be attackers from tricking a user (e.g., via a phishing campaign) into clicking a link that would sign them in to a Google account the attacker controls.” If that were to happen, you would likely see an unfamiliar address on the Google Verify it’s you screen.
The new security feature is designed to thwart attacks like one that targeted Google users last May (see Google adds SSO verification check to G Suite). In that attack, some Google users received an invitation to view a Google Doc. The invitation came from what appeared to be a known contact, and the first part of the URL made it look like it was hosted by Google. Those who clicked the link to open the document, however, were silently logged into an account set up by the attackers. The attackers could then send out spam email from the victim’s account, inviting their contacts to open the malicious Google Doc.
Turn-on two-factor for additional protection
If you haven’t yet turned on two-factor for your UMICH account to protect your Google at U-M account and your direct deposit and other personal information in Wolverine Access, you are encouraged to do so by clicking here.