
Monday, December 22, 2014

Phishing Example 81: Faculty And Staff Mailbox Alert.

Received December 2014

(Note: a good example of our inbound process tagging phishing mail as spam.)

---------- Forwarded message ----------
From:
Date: Dec 22, 2014 3:41 AM
Subject: *****SPAM***** *****SPAM***** RE: Faculty And Staff Mailbox Alert.
To:
Cc:


 ------------------------------
*From:*
*Sent:* Monday, December 22, 2014 12:04 AM
*To:*
*Subject:* Faculty And Staff Mailbox Alert.
 
  Your password Will Expire In The Next TWO {2} Days Current Faculty and
Staff Should Please Log On To IT WEBSITE
<hxxp://xxxxx.wix.com/outlook-web-app> To Validate Your E-mail Address
And Password,Or Your E-mail Address Will Be Deactivated.Thank You.

 *ITS help desk*
*ADMIN TEAM*

©Copyright 2014 Microsoft
All Right Reserved.    



Things to note:

  • No UMN branding.
  • Hosted at Wix, a free form site.
  • Form displayed password in clear text.
  • Form was littered with ads for Wix.

Friday, December 19, 2014

Advisory: FTC Releases "Package Delivery" Themed Scam Alert

FTC Releases "Package Delivery" Themed Scam Alert

The Federal Trade Commission (FTC) has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate.
Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams publication for information on email scams.


Friday, December 5, 2014

Advisory: Be Wary of "Attached Document" Files

December 2014

We're advised by State of Minnesota IT staff that some alarming fraudulent messages have been received claiming to be from DHS or MNSure. These emails have included attached documents which, if opened, may present a malware infection risk.

It's good practice to question any unexpected email with attachments - particularly if it includes scary subjects or content aimed at making you quickly open the attached file. If you receive such unexpected email, take time to question it and verify it by other means (e.g. a phone call, website, or email to a known correspondent) before opening the document.

Thursday, December 4, 2014

Advisory: Be Wary of ‘Order Confirmation’ Emails

Timely warning from Brian Krebs of krebsonsecurity.com:

Be Wary of ‘Order Confirmation’ Emails

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities. ...


Wednesday, December 3, 2014

Phishing Example 80: Kindly Review The Attached Document !!!

Received December 2014

From:
Date: Wed, Dec 3, 2014 at 10:07 AM
Subject: Kindly Review The Attached Document !!!
To:


Hello,
   I tried to get these document across to you before. Did you ever get
it?  VIEW HERE <hxxp://xxxx.ir/mm/google> and sign on with your email to
access it as attached on Google.doc, get back to me so we can discuss.
Regards
 

NOTE:


  • Sent from a compromised UMN account - probably to all contacts in the user's mail
  • Hosted at a non-UMN site
  • Fake "Google document" login - but includes other company email types - this is NOT how Google Docs/Drive works.


Phishing Example 79: Message from UMN.EDU Email Support

Received December 2014

From: University Of Minnesota
Date: Wed, Dec 3, 2014 at 9:20 AM
Subject: Message from UMN.EDU Email Support
To:


*Dear umn.edu User,*

*D**ue to the newest upgrade to our database,** we have placed your six
incoming mails on pending status *.

*In Order to receive the six new messages **click here
<hxxp://www.xxxxxxx.de/modules/unm.html> to *

*login and wait for response from our email support team. *
*We sincerely apologise for any inconveniences and appreciate your
understanding.*



NOTE: 

  • Very Deceptive - copy of REAL UMN login page
  • IMPORTANT - URL is hosted in Germany, not umn.edu
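
The link-host observations in the notes for Examples 79 and 81 can be checked mechanically. The following is an added example, not part of the original posts: the trusted-suffix list, the lure-word list and the function names are assumptions, and the last two sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed policy values for this sketch (not from the original posts).
TRUSTED_SUFFIXES = ("umn.edu",)   # domains allowed to host a UMN login page
FREE_BUILDERS = ("wix.com",)      # free site builder named in Example 81
LURE_WORDS = ("password", "log on", "login", "sign on", "validate")
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s<>\"']+", re.IGNORECASE)

def refang(url):
    """Turn a defanged hxxp:// link back into a parseable http:// URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def host_in(host, suffixes):
    """Match the domain itself or a true subdomain only, so that
    'umn.edu.example.net' and 'notumn.edu' do not pass as 'umn.edu'."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def review_message(body):
    """Return [(host, reasons)] for every link found in the message body."""
    text = " ".join(body.split()).lower()
    asks_for_login = any(word in text for word in LURE_WORDS)
    findings = []
    for raw in URL_RE.findall(body):
        host = urlsplit(refang(raw)).hostname or ""
        reasons = []
        if not host_in(host, TRUSTED_SUFFIXES):
            reasons.append("off-domain")
            if asks_for_login:
                reasons.append("credential-lure")
        if host_in(host, FREE_BUILDERS):
            reasons.append("free-site-builder")
        findings.append((host, reasons))
    return findings

# Text taken from Examples 81 and 79; hosts are redacted on the page.
EXAMPLE_81 = """Your password Will Expire In The Next TWO {2} Days Current Faculty and
Staff Should Please Log On To IT WEBSITE
<hxxp://xxxxx.wix.com/outlook-web-app> To Validate Your E-mail Address"""
EXAMPLE_79 = """In Order to receive the six new messages click here
<hxxp://www.xxxxxxx.de/modules/unm.html> to login and wait for response"""
# Constructed inputs: a look-alike host and a host under the trusted suffix.
LOOKALIKE = "Please login at http://umn.edu.example.net/login"
GENUINE = "Reset your password at https://my.umn.edu/reset"

if __name__ == "__main__":
    for msg in (EXAMPLE_81, EXAMPLE_79, LOOKALIKE, GENUINE):
        print(review_message(msg))
```

A substring test such as `"umn.edu" in host` would accept the look-alike host, which is why the comparison is made on the dot-delimited suffix.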