Michigan Ross iMpact

Leading in Thought & Action

Security Best Practices

"Phishing" Attempts

Phishing is a term used to describe attempts by criminals to acquire your password or other personal information by sending a fake email that appears to come from an official source. The word is derived from "fishing," where lure is used to catch unsuspecting bait. In the computing world, that lure can take the form of official looking emails that ask you to click a link to enter personal information or do something suspicious like confirm your password. If you ever receive an email asking for personal information, it is best to use caution. In all cases, it is best to follow-up on the request by visiting the supposed website yourself to verify the message's authenticity rather than clicking on any link in the email, since those too can be faked. To learn more about phishing and how to best protect yourself, visit UM's Spam, Phishing and Suspicious Email site.

Protect Mobile Devices

Security of information at the University of Michigan is a top priority. We must handle all sensitive information entrusted to us with care. Storing such data on a mobile device that is easily lost or stolen places it at risk for exposure. Please protect yourself, your research, and the University by following these best practices:

  • Avoid storing sensitive information on laptops or thumb drives. Access your data from a secure server instead.
  • Follow the U-M Standard Practice Guide 601.14, requiring that Social Security numbers used, stored or transmitted on records or record systems be encrypted or properly secured.
  • Never leave your laptop unattended anywhere. Lock your laptop out of sight when not in use.
  • If a mobile device containing sensitive data is lost, it should be reported immediately.


It is your responsibility to protect your password and guard against unauthorized use of services in your name. You can change your password by visiting the UM Change Password site.

  • Do not share your login and password. No one should ask you for it. Among other things, anyone with your password can send an e-mail message in your name, log in to University resources such as Wolverine Access as you, and read, change or delete your private files.
  • Do not leave your computer unattended while logged in. Use a locked screen saver, or log out and log back in if necessary.
  • Memorize your password. Do not write it on paper.
  • Change your passwords once every six months.

General Web Browsing and Email

You are the first line of defense for your system. If you have any doubts about opening an email attachment, clicking on a pop-up or downloading some software, JUST SAY NO. Through whatever means you have at your disposal, verify that what you are about to click on is safe and legitimate.

Don't Be a Victim

With the number of recent scams online you're more likely to find a scam email as opposed to an actual email in your inbox. There have been an onslaught of phishing and tax fraud attempts taking place amongst higher education communities, including the U-M. We are seeing a rise in the number of U-M community members falling victim to tax fraud.

Here are some helpful resources provided by Safe Computing to protect yourself from becoming another victim:

If you or someone else you know have fallen victim, please share this information to help others to protect themselves.