Phishing

Phishing is an attempt, usually made through fraudulent email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish.

Phishing emails usually appear to come from a well-known organization and ask for your personal information, such as, credit card number, social security number, EMU ID or password. Often times phishing attempts appear to come from sites, services, and companies with which you do not even have an account.

In order for Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.

Warning Signs

Here are some things to look for in an email that may indicate a phish:

• Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they do not have to type all recipients' names out and send emails one-by-one. If you do not see your name, be suspicious.
• Forged link. Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, do not click on the link. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you do not see "https", do not proceed.
• Requests personal information. The point of sending a phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
• Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

If you believe you have been phished, contact the Help Desk at 734.487.2120 immediately and let them know about the incident. Change your my.emich password immediately. You may need to change your passwords on other sites if the information you provided could be used anywhere else.