These fake websites captured 蹤獲扦ICH passwords, and criminals used the passwords to login to Wolverine Access. The criminals then tried to change the direct deposit information for staff paychecks. This type of attack is called spear phishing, a more insidious and directed form of phishing that tricks you by appearing to come from official U-M sources.
Please be aware that if criminals get your 蹤獲扦ICH password, they have access not only to your email, but to personally identifiable information about you in Wolverine Access. A new video on 蹤獲扦-Ann Arbors Safe Computing website describes this threat and explains what you can do to protect yourself. There are also links to a brief, written summary of the video and to news articles about the password thefts that happened over the summer.
Learn how to recognize and protect yourself and the university from criminal spear phishing attempts: http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish.php
Remember, U-M will never ask you to confirm your identity or account, or to provide your 蹤獲扦ICH password through email.
For more tips about safe computing, visit 蹤獲扦-Ann Arbors Safe Computing website:
