Friday, September 21, 2018

Advisory: Credit Freezes are Free: Let the Ice Age Begin

Good news: credit freezes are now free in every US state. A freeze is a valuable tool to prevent identity thieves from accessing your credit history. From krebsonsecurity.com:

SEP 18

Credit Freezes are Free: Let the Ice Age Begin

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.
Enacted in May 2018, the Economic Growth, Regulatory Relief and Consumer Protection Act rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.
A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file).  ....

Thursday, September 20, 2018

Advisory: Business E-Mail Compromise

FBI warning of scam email threat called business e-mail compromise (BEC).

Since 2013, when the FBI began tracking an emerging financial cyber threat called business e-mail compromise (BEC), organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.

At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.

Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms. But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.

“BEC is a serious threat on a global scale,” said Special Agent Martin Licciardo, a veteran organized crime investigator at the FBI’s Washington Field Office. “And the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”    ...

Timeline of business e-mail compromise attack

Saturday, September 15, 2018

Advisory: Potential Hurricane Florence Phishing Scams

Alert from US-CERT warning of scams trading off of current weather emergency.

Potential Hurricane Florence Phishing Scams

Original release date: September 14, 2018
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. Contact information for many charities is available on the BBB National Charity Report Index. Users should also be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.
NCCIC encourages users and administrators to review the following resources for more information on phishing scams and malware campaigns:

Wednesday, September 5, 2018

Advisory: Active Phishing Campaign Targeting Student Email Accounts

Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.

If you have any concerns about any suspicious financial aid messages you receive, contact One Stop for assistance: 

What is happening: Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email to obtain access to student accounts via the IHE student portal (see example phishing email below). The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information and the use of just one factor for authentication.
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat against IHEs during periods when FSA funds are disseminated in large volumes.

Example of phishing message

Tuesday, August 28, 2018

Example 223: Action Required: University of Minnesota Portal Validation Request

Fake University Login sent from compromised UMN account.

Message Text

From: UMN.EDU Portal < compromised UMN ACCOUNT>
Date: Tue, Aug 28, 2018 at 12:25 PM
Subject: Action Required: University of Minnesota Portal Validation Request


Dear xxxxx@umn.edu,
You are required to verify use of your *UMN.EDU <http://UMN.EDU>* portal
login. This is a routine to delete in-active email from our database.
Verification link expires in *72 hours*.
<http://xxx  xxxxxxx .com/umn-eduWebLoginService/validate.htm>

Failure to complete verification may lead  to restriction of your portal
access. In this case, kindly contact your school IT Administrator.
Thank you
*UMN.EDU <https://www.umn.edu/> Team*
Login Form
Fake UMN Login webform
Things to Note

  • Email DOES come from a UMN.EDU address - a user who had their account stolen
  • Web form copies UMN login page
  • Web form hosted at a ".COM" address, NOT UMN.EDU
  • Login is NOT secure - browser in image above shows the warning.
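
The link-related notes above (a ".COM" host, a path that borrows the UMN name, no HTTPS) can be checked mechanically. The Python sketch below is an added example, not part of the original post; the sample message, the example.com and example.net hosts, and the BRAND_TOKENS list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "umn.edu"           # the genuine login domain named in the post
BRAND_TOKENS = ("umn", "weblogin")   # assumption: strings a lookalike URL borrows
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample modelled on the message above; the hosts are placeholders.
SAMPLE = """Dear user@umn.edu,
You are required to verify use of your UMN.EDU <http://UMN.EDU> portal login.
<http://portal-check.example.com/umn-eduWebLoginService/validate.htm>
UMN.EDU <https://www.umn.edu/> Team
<https://umn.edu.example.net/login>
"""

def host_is_trusted(host):
    """True only for umn.edu itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_link(url):
    """Return the warning signs for one URL (empty list means none found)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return ["unparseable-url"]
    findings = []
    if not host_is_trusted(host):
        findings.append("host-not-umn.edu")
        # The brand in a path or a left-hand host label proves nothing.
        if any(tok in (host + parts.path).lower() for tok in BRAND_TOKENS):
            findings.append("brand-in-untrusted-url")
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    return findings

def scan_message(body):
    """Map each flagged URL in a message body to its warning signs."""
    results = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")     # drop punctuation that trails a pasted link
        findings = check_link(url)
        if findings:
            results[url] = findings
    return results
```

A clean result only means none of these three signs were present; as the first note says, the sending address itself can be a real, stolen UMN.EDU account.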

Wednesday, August 15, 2018

News: Cyberattackers infiltrate Hennepin County workers' e-mails

Cyberattackers have infiltrated e-mail accounts for about 20 Hennepin County employees since late June.

Here's a reminder to be wary of unexpected emails that seem "too good to be true" - often they are neither good nor true:

Star Tribune article about cyber attack


Friday, August 10, 2018

Example 222: Job Job Job!!!


This email scam campaign appears to mostly be directed at students. It is sent by multiple senders with multiple different subject lines, including (but not limited to):

  • Employment Opportunity For Student Only
  • Employment Opportunity
  • New Personal Assistant Needed ( Part-Time Job )
  • Job Opportunity
  • School Announcements
  • University Announcements

There is a Resume.txt file attached, which is only a text file with the phony job offer, not malware.

The scam ends with the scammer asking the student for money to get through customs to come to the United States so he can hire the student.

This is a type of "Money Mule" Scam: http://www.lse.ac.uk/intranet/students/supportServices/healthSafetyWellbeing/MoneyMuleScam.aspx

What you should do: 

  • Report the email as spam in Gmail to help educate Google's spam filters. 
  • Do not engage with the sender.

Content of Resume.txt

Dear Student,
 I am  Dr. Williams Morgan  and I work as a clinical counselor for the department of Disability Resources and Educational Services (DRES). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible)registered with DRES. A large percentage of the students served by the mental health unit have psychiatric disabilities or co-morbid psychiatric disabilities and need mental health support to be successful at the university. In addition,many University of students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process. I also am the director of supervision, training and coordination of counseling psychology and clinical psychology graduate students of the United States who have practicums at DRES and APA-accredited school psychology pre-doctoral interns.You have received this email because you have an offer from the University Office for Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant. I care about Animal Welfare, Arts and Culture, Children, Civil Rights and Social Action, Education, Environment, Disaster and Humanitarian Relief, Social Services and lots more.This is a very simple employment.

You will only help me Mail letters, Make payments at Walmart and purchase some Items when needed. This employment only takes an hour a day and 3 times a week for $480 weekly.I am unable to meetup for an interview because I am currently away and helping the disabled students in Australia.

You will be paid in advance for all tasks and purchased to be done on my behalf and some of my personal letters and mails will be forwarded to your residence or nearby post office for you to pick up at your convenience. Upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services while I am away. My arrival is scheduled for the 

First week of September 2018

To Apply, Please email your Full name, Address, Alternate email (different from school email) and mobile and  Correspondent will reply you as soon as possible.


Dr Williams Morgan