Phishing is an online scam involving emails with a clickable link that appear to be from a trusted source. By clicking a phishing link, you may compromise your WMU Bronco NetID and allow access to change your personal data within GoWMU. You could also allow viruses or other malware to infect your computer. For more information on what harm can be caused, see phishing facts. For additional information on keeping safe online, please see security awareness. If you have any questions about whether or not the message you received is phishing, contact your unit IT support person or the Technology Help Desk.
Below are phishing messages that have been received at Western Michigan University. They are entered here as they are received, however do not assume that because the message you received has not been posted here (yet), that it is safe to assume it is a valid message. If you receive a message that appears to be a phishing attempt (always hover your mouse pointer over the link it contains to see where it will actually take you if you click it). If the actual URL does not match the displayed link text, do not click it. Forward the message as an attachment to firstname.lastname@example.org and then flag the message as "Junk" in your email. Visit the Help Desk website for instructions on how to forward the message as an attachment.
Date: 07/08/2016 NOTICE: There is a scam informing non-WMU students in other countries that they have been awarded a scholarship to WMU and to receive it, they must send money for their visa. This is a fraudulent advance fee scheme message. If your office receives any inquiries, please try to obtain a copy of the email the student received and follow the instructions noted above to forward it as an attachment to email@example.com. Thus far, the below email addresses have been used in this advance fee fraud:
officeofadmissionswesternmichi at gmail.com
paulgabrielusrp at gmail.com
paulgabrielusrp at hotmail.com
presidentwmu at gmail.com
presidentwmu at hotmail.com
Your contact shared some files with you.Click on check now to view your message
The Dropbox Team
Subject: Announcement for 6-20-2017
Subject: Account Shutdown
Subject: WMU Important News! / ACTION Required:- Important Message / Western Michigan University Message Board
Subject: Single Sign On - Password Reset
Subject: Your E-mail will be close
Subject: Current issues - IT Desk services
Subject: Final Notice: please verify your email address
Subject: 25 new reports
Subject: ICT Department!!
Subject: Staff Email Update
Subject: Important message from Faculty/Staff
Subject: @wmich.edu is no longer active!
Subject: Account illegal activity detected
Subject: has shared a document on Google Docs with you
For more information on this phishing attack, please see this cnet article: https://www.cnet.com/news/dont-get-reeled-in-by-massive-google-docs-phis...
Subject: 13 new Messages
Subject: IT Scheduled Maintenance
Subject: Microsoft Exchange (Email Validation)
Subject: Mail Alert
Subject: IMPORTANT UPDATE FROM PRESIDENT JOHN M DUNN
Subject: Security Notification!!
Subject: Email addresses updated
Subject: Unusual IP activity
Subject: ICT Technical Support
Subject: Expiration Notice
Subject: Email Validation!
Subject: Limit Storage
Subject: Account Update
Subject: GSST Assessment Plan Draft - Invitation to edit
This email appears to be standard Google Drive share. When you mouse over the link, however, the real URL displayed is "http://bit.ly/2d7NtFo"
This took the user to a phishing page in order to obtain their log in credentials. To ensure that you are safe, always hover your mouse over the link and verify that it matches what is displayed in the email.
Subject: Admin Service Desk
Subject: Important Notice to All Faculty Staff
Subject: Important Update
Subject: WMU Webmail Activities
Subject: Your New Payroll
Subject: Update Your Account
Subject: Server Message
Subject: Technical Support
Subject: Concerning Mailbox quota
Subject: IT's Service Desk
Subject: ICT Technical Support Update
Subject: YOUR ACCOUNT WILL BE SUSPEND WITHIN 24HOURS CUSTOMER SERVICE
Subject: Account Verification
Subject: Unusual Sign-in
Subject: Incident Report 25-APR-2016
Subject: IT Service Desk Support
Subject: Sears Holdings - Interview Confirmation
Subject: You will be blocked from receiving messages
Subject: RECEIPT: PAYMENT ON HOLD - ID:350398226
Subject: Mailbox Helpdesk
Subject: Administrative Notice
Subject: wmich.edu: EMAIL UPDATE
Subject: Server Maintenance: Email Servers
Subject: Document From
Subject: IT Dest
Subject: IT Administrator
Subject: Dear User
Subject: Fwd: Scheduled Maintenance & Upgrade
Subject: Important Notice for First.Last@wmich.edu
Subject: New message from "University Faculty"
Subject: CONFIRM YOUR EMAIL ID NOW!!!
Subject: WMU Alert!
Subject: Mail from John Smith
Subject: Library Services
Subject: Library Services
Subject: Wmich.edu UPDATE
Subject: Wmich.edu UPDATE
Subject: Pet Article
Subject: Dear Account Owner...!!
Subject: School Mail Box Re-Validation
Subject: Last warning
Subject: Email Error Mailbox Quota Exceeded
Subject: Zimbra Mail Account Verification
Subject: Irregular login attempt