A recent phishing scam uncovered at the University of Michigan is very much worth reporting because the same tactic is being used throughout the country at many other colleges, universities and companies. The scam started with emails to University of Michigan employees. The emails appeared to be from the University of Michigan, but in fact, they were from identity thieves. The emails informed the recipient of the necessity of updating the recipient’s account with the University, however, other emails use other pretenses, such as security problems. In all instances, the emails are intended to induce the unwary victim to provide personal information, such as passwords to the identity thief who would in this case then used the information to access the victim’s employee records and change the address to which the employee’s wages would be electronically deposited such that it went to an account of the identity thief. This scam by which identity thieves pose as someone they are not in order to induce you to provide personal information to them is called “phishing.”
The lesson is the same regardless of whether you are connected with the University of Michigan or not. Never provide personal information to anyone unless you are absolutely sure that the request for information is legitimate. Whenever you receive a request for personal information by email, text message, mail or phone, you can never be sure as to who is sending you that communication. Counterfeiting communications to make them appear legitimate is easy to do. Before ever providing such information in response to any communication, contact the person or company at an email address or telephone number that you know is accurate to confirm whether or not the original request was a scam.