I got e-mail asking for my password? Should I send it?
Don't Send Your Password!
No. Absolutely not. A thousand times, no. Don't send it.
No one other than you should know your UMICH Kerberos password. You should never tell anyone your password, and you should never send it to anyone through e-mail.
No one at U-M should ever ask you your password for any reason. We ask you to use it when you log in to ITCS and other U-M computing services, of course, but we will never ask you to tell or give it to us or to any other person. Your password is yours, and you need to keep it private.
Be Suspicious of Password Requests—and All Requests for Identity Information
People who send you e-mail asking for your password are up to no good. They want your password so they can get access to your U-M computing account and, perhaps, to U-M computing services generally. Attempts to trick you into revealing your password are called "phishing" scams.
A few years ago, there was a wave of phishing e-mails that appeared to be from financial institutions asking that people reveal their bank account information in order to keep their account active. You should never send personal identity information in reply to such messages.
In recent months, members of the U-M community have received phishing e-mails that claim to be from UMICH. These messages claim that you must reply with your username, password, date of birth, and country or territory to prevent your mail account from being deleted. The scammers may claim to represent a UMICH Webmail Team or a UMICH Messaging Center. Basically, they take the UMICH name and add other common computing group names. They do this to people at other universities as well, using the mail domain names of those schools instead of UMICH.
Be suspicious of any e-mail message that asks you to send personal identity information, especially your password, to verify that you are using an account that you own. Never send personal identity information in response to such a request.
If you are ever in doubt as to the legitimacy of a message, you can contact the ITCS consultants (764-HELP or online.consulting@umich.edu). They will help you figure out whether the message is valid or not.
Tips to Protect Yourself from Phishing Scams
- Never give your password to anyone. ITCS staff members will never ask you for your password.
- Be suspicious of any message that asks you to verify account information via e-mail or a website. Do not provide the information. Delete the message.
More Information
This page last verified May 2008
|
Return to the Uniqnames and Passwords FAQ
