Protect your UMICH password to avoid identity theft

September 20, 2013

Over the summer, University of Michigan saw a new twist on criminal “phishing” attacks. Criminals sent fraudulent email that directed university community members to fake U-M login websites.

UM-Dearborn ITS

These fake websites captured UMICH passwords, and criminals used the passwords to login to Wolverine Access. The criminals then tried to change the direct deposit information for staff paychecks.  This type of attack is called “spear phishing”, a more insidious and directed form of phishing that tricks you by appearing to come from official U-M sources.

Please be aware that if criminals get your UMICH password, they have access not only to your email, but to personally identifiable information about you in Wolverine Access.  A new video on UM-Ann Arbor’s Safe Computing website describes this threat and explains what you can do to protect yourself. There are also links to a brief, written summary of the video and to news articles about the password thefts that happened over the summer.

Learn how to recognize and protect yourself and the university from criminal spear phishing attempts: http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish.php

Remember, U-M will never ask you to confirm your identity or account, or to provide your UMICH password through email.

For more tips about safe computing, visit UM-Ann Arbor’s Safe Computing website: http://safecomputing.umich.edu