NOTICE: More compromised U-M accounts used to send spam

This information was sent to the U-M IT Security Community on August 13, 2015.

Hello IT Security Community,

We are again seeing an increase in compromised U-M accounts being used to send spam email that is similar to what we reported in mid-July: IIA Notice: Compromised U-M accounts being used to send spam (July 17, 2015).

As was the case in July, no U-M systems have been compromised.

Many individual UMICH passwords have been compromised as the result of phishing attacks, password-stealing malware, or password sharing. Those individual accounts are then being used to send spam emails.

Please remind people you work with to be suspicious of any email asking for their password or personal information and to change their UMICH password if they suspect their account may have been compromised. Let them know what to watch for to identify a compromised account that is being used to send spam. Below is information you can share.

Protect Yourself from Phishing Attacks and Malware

Your UMICH password and other private personal information are valuable! Cyber criminals send frequent fraudulent emails—called phishing emails—to individuals at U-M attempting to steal passwords and more. Be suspicious of any email asking for your password or personal information.

• What to Watch for: Phishing Examples
• Protect Yourself & the University from Spear Phishing (4-minute video)
• Password Security Checklist

How to Tell If Your Account Is Compromised

• You are getting lots of "bounce notices." That is, you are getting notices that messages sent from your email account—messages that you did not send—were undeliverable. (Sample Inbox list of bounced spam messages.) Some of the spam messages are in foreign languages.
• You see a lot of sent messages in your account that you did not send.
• Your friends and colleagues tell you that they are receiving email from you that they suspect you did not send.
• In some cases, Google is disabling M+Google accounts due to this malicious activity.

What to Do If Your Account Is Compromised

• Change your UMICH password immediately at UMICH Account Management. See Choosing and Changing a Secure UMICH Password for instructions.
• If you are using the same password on other sites or for any other accounts, change the password for these as well—especially sites where your UMICH email address is the login ID. Do not use your UMICH password for any non-U-M account or website.
• As a precaution, check your M+Google Mail settings to make sure none of them have been changed. In particular, check the delegation, mail forwarding, and mail filter settings.
• Learn more at Compromised Accounts: What To Do.

Thank you for your help!