Around 150 University of Michigan employees lost sensitive information thanks to scammed emails, informs the university’s Division of Public Safety and Security.
Several phishing emails were sent by scammers to the U-M community. The emails had links to unauthentic Google Form, which were designed to steal personal information. People clicked on those links and submitted their personal data including name, date of birth, Social Security number and passwords of UMICH account.
The U-M community members have been alerted about two particular scams that were discovered by the Information and Technology Services division of the school.
The email titled “Internal Revenue Service Information Validation” seems to be sent by the IRS and requests people to verify their personal details by entering a Google Form. However, the information is collected by cyber criminals.
“Academic Publishing” emails apparently have been sent by the real faculty of other institutions asking U-M faculty members for sharing articles by clicking on URLs requiring them to login with their UMICH ID and password. Obviously, this login page is a fake one and has been designed to steal the unique name and password, said U-M.
This is the same scheme that previously managed to hack Facebook pages of U-M’s athletics, basketball and football teams. In that particular scam, a phishing email tricked U-M employees into filling out a fake Facebook form through which hackers accessed the personal Facebook account details of the employees and gained access to athletic pages.
Please be patient with us as we work diligently to get this resolved.
— Michigan Football (@UMichFootball) August 12, 2015
Apparently the Information and Technology Services division of the school is trying to deal with the hack, delete the fake Google Forms and help the victims.
U.S. based universities are the prime targets for hackers due to the amount of personal information stored in their servers. Last week, university of Virginia had its servers hacked while the Penn State University servers were also breached with the data steal of 18k folks. In both cases, the alleged culprits were the Chinese hackers.
In January 2015, University of Chicago had its servers hacked and social security numbers along with other sensitive data got compromised.
Another jackpot for hackers was the University of Maryland who had its servers breached and personal data of 309,079 students/staff since 1998 was stolen including names, social security number, date of birth, and the University ID numbers.
Keep your eyes open, don’t fall for phishing emails..!
Report typos and corrections to firstname.lastname@example.org