Protect yourself from phishing emails

Phishing remains the No. 1 cyber-attack method, making it a shared responsibility to do your part, be cyber-smart, and learn how to protect Michigan Medicine and yourself from phishing attacks. 

Continue reading to learn more about phishing:

Q: What is phishing and why is it important to understand? 

A: Emails sent to a group of people designed to trick the recipient into opening an attachment, clicking a link, or downloading a malicious file in order to obtain your credentials or share sensitive information. These phishing emails bypass technical safeguards and leverage human vulnerabilities to attempt to penetrate our network.

Q: With some of the workforce working remotely and relying on technology more than ever before, what are signs people can look for to recognize phishing? 

A: Here are just a few:

Q: How do I check if a login screen is really for U-M?

A: Always check the URL before you enter your password https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/look-before-login 

Q: How do I report a phishing email from my mobile device?

A: Forward the suspected phishing email to ReportPhish@umich.edu 

Q: How do I know if it’s phishing or spam? And if it’s spam, do I report it?

A: Phishing emails try to get you to click or open attachments based on strong positive or negative emotions. Spam is an email that is more about marketing something. You may have signed up to receive emails from a store, company, magazine, etc. without even knowing it. Here is a link to a short video about phishing and spam:  Phishing and Spam

Q: Should I forward an email that I think is phishing to someone else to confirm?

A: No. Never forward an email that you think is suspicious, always report it. 

Q: I use both U-M Google mail Michigan Medicine Exchange, how do I report a phishing email using these tools?

A: Michigan Medicine Exchange users are asked to report suspected phishing emails by clicking the Report Phishing button in their Outlook menu bar. For Google mail, forward the entire message to ReportPhish@umich.edu.

Q: If I report an email as phishing by accident, using the Report Phish button, can I get the email back?

A: Absolutely!  When using the Report Phish button, the email you reported will be moved to your ‘Deleted Items’ folder. You can go into that folder in your email and move the deleted email back to your inbox.

Q: What are some of the steps I can take to stay vigilant?

A: Important steps include:

• Take a minute to read emails. Attackers will use emotional appeals in their emails. Stay calm and look closely at the email for grammar or typos.
• Use caution when opening email attachments and clicking links in emails. If it looks suspicious, report it, even if you’ve already interacted with the link or attachment.
• Don’t share your Michigan Medicine credentials with third-party websites
• Be familiar with the procedures for communicating suspicious activities to our IT security team.

Additional resources: 

Michigan Medicine Information Assurance Educational Resources: https://safecomputing.umich.edu/michigan-medicine

Search for various topics from the Safe Computing Home Page: https://safecomputing.umich.edu/

More about Information Technology Policies: https://it.umich.edu/information-technology-policies

For additional information, email: ia-edawareness@umich.edu