Increase in emails impersonating U-M deans and other employees

ITS Information Assurance is seeing an increase in fraudulent emails that appear to come from U-M deans, employees and offices. These fraudulent emails use a practice known as “spoofing.” Different versions of these emails ask the recipient to:

  • Quickly arrange for gift cards to cover a university expense
  • Reply if you are available
  • Make an immediate wire transfer to an unfamiliar account
  • Pay an online invoice
  • Follow a link for information about payment that is due to you
  • Open and review an attachment or shared document and reply

Sometimes the From address shows the name of a U-M manager, department chair, or dean, along with an unfamiliar address. Sometimes the address itself is forged and looks like a real U-M address. The Subject may be a generic request for help (for example, “Are you there?” “Urgent request”) or an invoice number.

In all cases, the intent is to make it appear that someone at the university in a position of authority is directing you to complete a university-related task. The risk of responding includes monetary loss, identity theft, malware, and account compromise.

What you can do

  • Ignore any request for payment via gift card. “Anyone who demands payment by gift card is always, always, always a scammer,” according to the Federal Trade Commission (FTC). “Gift cards are for gifts, not payments.”
  • Check with the sender to verify. Check with the apparent sender by phone call, chat, or a separate email if you are at all unsure of a request, particularly a request for payment (via wire transfer, gift card, or other means). Do not reply to the request itself.
  • Don’t open unexpected attachments or shared documents. Scammers frequently send emails that appear to be from someone you know to trick you into an action that will lead to infecting your computer with malware.
  • Report compromise. If you suspect you fell for a scam or your account was compromised, change your password—your UMICH (Level-1) and/or your Michigan Medicine (Level-2) password. Then report it: Report an IT Security Incident.

What U-M is doing

  • Providers of email used at U-M (Google Mail, Michigan Medicine Exchange) routinely block spam and phishing attacks, but can never block all potential phishing email.
  • ITS Information Assurance (IA) staff routinely report malicious senders to the appropriate service providers (such as Google, Yahoo, and so on). The service providers can then shut down the offending accounts.
  • IA shares and uses threat intelligence from across the Big Ten Academic Alliance to block known malicious websites and addresses.

This is a perennial problem that plagues all sectors, including higher education. Scammers regularly employ these same tactics to impersonate organizations outside the university—such as the IRS—to trick people into sending money or personal information. Always be cautious when asked to do something unusual or unexpected in email.