We are seeing victims at U-M of new phishing scams targeting W-2 forms in Wolverine Access. Information from stolen W-2 forms can be used to file fraudulent tax returns. U-M is not alone in seeing these scams. Tax fraud and related phishing are widespread every year during tax season.
We urge all members of the U-M community to:
- Learn about and beware of phishing scams.
- Turn on two-factor for Weblogin for additional protection for your W-2s and your U-M account.
How People Are Being Victimized
- People receive phishing email (see samples at Phishing Alerts) claiming to direct them to a Wolverine Access page to view changes to their paystub information and download their W-2 forms. These emails are often customized with the recipient's name.
- When the message recipient clicks the link, they are directed to a fake Weblogin page. The only way to identify that the page is a fake is the address or URL (see Look Before You Login).
- When the recipient enters their uniqname and UMICH password, they are stolen.
- The stolen login credentials were then used to log in to the real Wolverine Access and used to download the victim's W-2 form.
- Information from that form can be used to file a fraudulent tax return.
What Victims Should Do
- Change your UMICH (Level-1) password immediately to stop the criminals from getting into your account.
- Turn on two-factor for Weblogin to prevent criminals from getting into your account with a stolen password. With two-factor, you are notified when someone tries to log in to your U-M account via Weblogin.
- Report the account compromise to the ITS Service Center. This allows ITS staff to check your account for signs of unauthorized logins and other criminal activity.
Learn About Tax Fraud and Phishing
- Look Before You Login. Reminder to check the URL before logging in via the Weblogin page. Includes screen shots.
- Phishing & Suspicious Email
- Don't Fall for Phish! Test your phish detection skills in this U-M phishing training.
- 5 Tips to Avoid Online Tax Fraud
- Don't Fall for Tax Fraud. An 8-1/2 by 11 inch poster you can print and post.
This information was sent to the IT Security Community and Frontline Notify groups on January 20, 2017.