Recently, IT detected that two accounts had been compromised and were being used to send out email messages to students. The messages falsely informed students that their FAFSA applications were incomplete, and the email messages directed students to fraudulent FAFSA websites where they were directed to disclose Personally Identifiable Information (PII).

What UNM is doing
IT staff detected that two NetID accounts were compromised and locked them. IT staff then used Microsoft tools to remove the fraudulent email messages, although some students may have read and responded to them before the removal process was completed. Finally, staff reached out to the website service providers to get the sites taken down and blocked those sites from being accessed at UNM.

UNM staff will be reaching out to students who received the messages to assist them in protecting their identities, if they did submit PII through the fraudulent websites.

What you need to do if you submitted PII to the fraudulent website
Change your NetID password and ensure that your new password is not a password that you have used before or are using elsewhere. You should never use your UNM NetID password on non-UNM systems. 

If you feel your UNM account has been compromised please call UNM’s Customer Support Service Desk at (505) 277-5757 or email security@unm.edu.

If you feel you have been the victim of a crime please file a report with UNM PD or visit police.unm.edu to file a police report.

See identityprotection.unm.edu for information on how to protect your identity, request free credit reports, or take additional proactive steps to protect your credit and identity.

See phishbowl.unm.edu for current examples of phishing messages, or for instructions on how to forward phishing email messages.

Additional References