Security
Beware of Phishing Emails
For all messages that arrive in your University inbox, don’t hesitate to question their validity, particularly if they look suspicious to you. Spammers and phishers are constantly operating to catch you off guard and take advantage of your email account or other possessions you share with them (e.g. credentials, credit card numbers, gift card numbers).
If you find messages in your inbox:
- Offering a job that will cover part or the full amount of your tuition
- Offering a job to work with someone at the University who you never met nor interviewed with
- Offering a job to work from home but requiring that you put up money upfront to get started
- Offering a job where they will send you money upfront but then need more information to get that money to you
- Offering a job for a professor who is out of the country and needs you to run errands around the University
or using pressure tactics to force you to respond such as:
- Stating that something will happen to your account at your request (when you never made such a request like “we received your request to close down your account, click here”)
- Threatening you that your University account may be closed
- Stating they have video of you through your camera and that you need to make a crypto or gift card payment to clear things up
- Stating they have control of your computer and require payment to return control to you
- Stating they will share your secrets with your address book
- Stating mail will stop coming in if you don’t respond
- Stating all your old emails will be removed if you don’t respond
- Stating your account will be deleted if you don’t respond
- Stating you must do something with your account within a short period
- or something along those lines from ITS, the Help Desk, the HR department, the President, your Dean, someone you know, or someone you don’t know
Know those messages are completely false and you should not respond.
Take action against the scammers and delete the message!
Don’t click on the links in such messages.
If you question whether a message is legitimate, you are welcome to forward the message to helpdesk@udmercy.edu for a response.
If you see a lot of rejected email messages in your inbox that you did not send, the University strongly suggests you:
- change your password
- change your security questions and answers
- verify your email is not being auto-forwarded to another account
- change all other sites where you might use the same combination of email address and password
If you already mistakenly fell for one of these messages and you still have access to your email account, please log in and:
- change your password
- change your security questions and answers
- verify your email is not being auto-forwarded to another account
- change all other sites where you might use the same combination of email address and password
If you have already mistakenly fallen for one of these messages and you do not have access to your email account, you will need to contact the Help Desk to arrange for Microsoft to clear your account. Microsoft generally takes 24-72 hours to clear compromised accounts during which time you do not have access to your account and cannot send or receive email messages. This means you will not be able to access Blackboard while waiting for the account to clear.
If you would like to add a deeper level of security to your email account, ITS would be glad to turn two-factor authentication on by request. All employees at the University use two-factor authentication and we will be turning this on soon for all students as well. Users that fall for these scams will automatically have it turned on.
Security Measures
- 
                                            
                    
                                            
                                        Ìý
                    Multi-Factor AuthenticationAs part of Detroit Mercy's ongoing commitment to provide the tools needed to work efficiently and safely, we are implementing a new feature for all Office 365 accounts: Multi-Factor Authentication (MFA). 
 
 Multi-Factor Authentication (MFA) adds an extra layer of security to your Office 365 account. After you enter your password, you will be asked to provide a second factor of authentication from the following:- Microsoft Authenticator app (a push notification or a verification code) – Recommended
- Text code to an authentication phone number
- Voice call to an authentication phone number
 The following video explains how to setup MFA on your account for the first time. Step-by-step written instructions on setting up Microsoft Authenticator are provided below. 
 Setup Instructions for the Authenticator App
 Step 1: Install the Microsoft Authenticator app
 - Install the Microsoft Authenticator app from the or .
 
 - On your laptop or desktop, visit
- Select “Add Method” >> “Authenticator app”
- Follow the setup instructions.
- Use the Microsoft Authenticator app on your phone or tablet to scan the QR Code on the screen.
 
 - Visit
- Select “Add Method” >> “Phone”
- Enter your text capable phone number.
- Select “Text me a code”
- Follow the setup instructions.
 
 - Visit
- Select “Default sign-in method” >> “Change” >> “Authenticator – notification”
 
- 
                    
                                            
                                        Ìý
                    Security PoliciesA number of policies exist covering Information Technology security. These policies can be read on the Policies page.

