Online Security: Protect U-M Research Funding Accounts from Targeted Attacks

Peer institutions are reporting increased targeted attacks on university research funding administrators and faculty, aiming to gain control of university accounts to divert federal grant payments.

Recently, U-M has observed a spike in calls to the U-M ITS Service Center from individuals impersonating faculty to reset passwords or Duo devices. Due to data breaches at banks, credit institutions, e-commerce sites, etc., these attackers often have answers to knowledge-based information (social security number, birth dates) to bypass security questions. 

U-M ITS is enhancing password reset procedures to counter threats. We urge you to use caution, inform your project teams, and report any account irregularities. 
To protect your accounts:

• Use a long, complex password for your U-M account.
• Do not reuse your U-M password elsewhere.
• Be cautious of emails asking for your login information; these are usually scams.
• Never share your passwords or Duo passcodes unofficially.
• Only enter Duo passcodes into the official Duo prompt.
• Decline any unexpected Duo push notifications and report them to ITS.
• Report any unauthorized password change emails to ITS immediately at security@umich.edu.