Scams that are designed to steal your login under false pretenses, such as a party invitation or a request to review a document, are affecting the U-M community. Please share this information with faculty, staff and students in your unit or department.
How it works
Scammers send you an email directing you to enter your uniqname, password, and phone number on a webpage or in a form. They use the information to initiate U-M login, then ask you to send them the Duo-generated passcode so they can complete the authentication process and gain access to your account.
With this access, scammers can:
- Redirect your paycheck deposit
- Redirect financial aid payments
- Apply for emergency hardship loans in your name
- Gain entry to sensitive U-M systems and data
- Use your U-M account to carry out further scams, and more.
Watch Out For
- Messages or forms designed to look like they are from U-M, familiar services such as Dropbox, or evite vendors such as Paperless Post.
- A login page or login form asking for your phone number.
How to Protect You and U-M
- Only enter your uniqname and U-M password on the official U-M Weblogin screen (weblogin.umich.edu) or UM-managed Microsoft Office 365.
- Do not enter Duo passcodes into any forms other than the official Duo screen.
- Do not share Duo verification codes, passcodes, or accept Duo push notifications unless they are initiated by you, or requested by the ITS Service Center to verify your identity when you call for support.
See safecomputing.umich.edu/scams-steal-your-login for details and what to do if you get caught.
