M-Pathways Update
January 2025

Data Privacy Day event: Privacy in the Age of AI

It’s that time of year again! Data Privacy Day is observed nationally on January 28 (Data Protection Day in the EU). To celebrate, Privacy@Michigan invites you to a keynote presentation on Tuesday, January 28, 12 p.m. with Dr. Sauvik Das an Assistant Professor at Carnegie Mellon University's Human-Computer Interaction Institute and director of the SPUD (Security, Privacy, Usability and Design) Lab, exploring privacy in the age of Artificial Intelligence.

Following the presentation, Dr. Florian Schaub, Associate Professor of Information, Associate Professor of Electrical Engineering and Computer Science, and Adjunct Professor of Law at the University of Michigan, will host a fireside chat and Q&A session.

Learn more about the presentation, get a webinar link, and add the event to your calendar by visiting the event page on the Safe Computing website.

More on Safe Computing

• Take a stroll through the History of Privacy Timeline and the History of Surveillance Timeline.
• Submit your Six Words About Privacy and see what others are saying.
• Visit ViziBLUE to learn what personal information the university collects and how that information is being used.
• Check out the privacy protection resources on the Safe Computing website, share them broadly, and become a privacy champion in 2025.

New Privacy Portraits!

Data Privacy Day is a great time to reflect on your privacy habits. Are you a Guardian, Free Spirit, Skeptic Pragmatist, or Wildcard? The U-M Privacy Portrait Assessment gives you a set of questions to answer and based on your score reveals your privacy portrait and customized privacy advice. Your results are private, of course–you can choose to share with others or keep just for you.

Privacy@Michigan, co-sponsored by Information and Technology Services (ITS) and the School of Information, hosts events and activities intended to raise awareness, promote best practices, and provoke thought and conversation on privacy topics broadly relevant to our community members and society at large. Browse Past Privacy@Michigan Events for recordings and information on speakers and topics over the years.

You’re invited to a party! But it turns out to be no picnic when they steal your login credentials.

Your U-M account is a doorway for scammers seeking access to U-M’s valuable digital resources. They create sophisticated scams to try to steal your login information. Protect it by only entering your credentials in the official U-M Weblogin page.

The scam

Scammers send you an email that directs you to a page or form asking you to enter your uniqname, password, and phone number under the false pretense of responding to a party invitation. They use the information to log in to your account and ask you to send a Duo passcode to complete the login process. Scammers who gain access to your U-M account can use it for malicious activities, such as redirecting your paycheck deposit in Wolverine Access and more.

Pause and Check

• Before entering your UMICH password on a web page, check that the page's web address/URL begins with https://weblogin.umich.edu/
• Messages or forms may be designed to look like they are from U-M.
• Be suspicious if the “From” address of an email looks like a U-M address, but the “Reply-To” address does not.

Verify

If you are uncertain, use your own methods to verify if the message is legitimate. Contact the individual or organization they claim to be representing by using their official website, contact number, or email.

Avoid the Scam

• Do not enter any login information, including Duo passcodes, into any forms other than the official U-M Weblogin screen.
• Beware of suspicious emails designed to lure you into providing personal information under false pretenses such as a party invitation or an urgent request to verify your account.
• Pay attention to warnings: Google forms warn you to never enter login information into a Google form.
• If you fell for the scam and gave your personal information, change your UMICH password immediately and follow the instructions on Safe Computing.

Be a hero

• Share this article with colleagues who may not have seen it.
• Forward suspicious emails or descriptions of messages to reportphish@umich.edu.
• Learn more about how to Spot Phishing and Scams on safe computing.umich.edu.

In with the new and out with the old

Did you get some cool new tech during the holiday season? Make sure to secure your new devices and safely dispose of your old ones to protect yourself and U-M.

Secure new devices

Take the time to review the privacy and security settings for new devices and accounts. Adjust the defaults to secure your data, protect your privacy, and protect the university. Turn on auto-updates to ensure the latest security updates are always applied.

• Check out our Secure Your Devices section for tips on securing most types of devices.
• You can also find advice on Protect Your Privacy to help you keep personal data and accounts away from prying eyes.

Safely dispose of old devices

Devices you no longer need or want can contain personal data, and in some cases U-M data if you used those devices for work. Keep that data from falling into the wrong hands by either securely deleting sensitive data before disposing of the device or securely destroying it. Even devices that you decide to sell or hand down to friends or family should be properly erased or reset before you pass them on. Refer to Erase Personal Devices Before Disposal for links to detailed instructions.

• Remember that if you use your personal devices for U-M work, you need to follow Security of Personally Owned Devices That Access or Maintain Sensitive Institutional Data (SPG 601.33) to secure them appropriately and properly and to dispose of them.
• Need a hand erasing a personal device? Contact ITS Tech Repair for information about their device sanitization services.