Peer institutions are reporting increased targeted attacks on university research funding administrators and faculty, aiming to gain control of university accounts to divert federal grant payments.
Recently, U-M has observed a spike in calls to the U-M ITS Service Center from individuals impersonating faculty to reset passwords or Duo devices. Due to data breaches at banks, credit institutions, e-commerce sites, etc., these attackers often have answers to knowledge-based information (social security number, birth dates) to bypass security questions.
U-M ITS is enhancing password reset procedures to counter threats. We urge you to use caution, inform your project teams, and report any account irregularities.
To protect your accounts:
- Use a long, complex password for your U-M account.
- Do not reuse your U-M password elsewhere.
- Be cautious of emails asking for your login information; these are usually scams.
- Never share your passwords or Duo passcodes unofficially.
- Only enter Duo passcodes into the official Duo prompt.
- Decline any unexpected Duo push notifications and report them to ITS.
- Report any unauthorized password change emails to ITS immediately at [email protected].