Fake payroll notifications attempt to steal U-M login information

Monday, July 23, 2018 - 1:02pm


Courtesy of Safe Computing, University of Michigan

A string of fraudulent payroll emails, distributed among University of Michigan community members on July 13, scammed some recipients into revealing their U-M online credentials. The messages directed recipients to a fake Weblogin page in an attempt to steal their passwords, a type of cyberattack known as phishing.

U-M Safe Computing immediately released a notice warning the University community about the scam and outlining a plan for defusing the situation. In order to shut down the attack, information administrators blocked the IP address on U-M networks and took steps to digitally flag the site. They also worked to remove unopened scam emails from recipients’ mailboxes and helped affected employees change their passwords.

In an email interview with The Daily, University Privacy Officer Sol Bermann, the interim U-M chief information security officer, said the University’s quick response helped contain the damage caused by the phishing attempt.

“The U-M Information Assurance team quickly identified this phishing attack, and took a number of steps to quickly mitigate its effectiveness,” Bermann wrote. “Our team continues to improve on how we detect and rapidly respond to these sorts of threats, as a result, very very few U-M community members were affected by this attack.”

Bermann suggested U-M faculty, employees and students learn more about phishing scams on the Safe Computing website, and also recommended turning on two-factor authentication at Weblogin.

The U-M Information and Technology Services Twitter account (@umichTECH) keeps followers up to date on threats to information security such as the July 13 phishing scam.