
Saturday, March 21, 2015

Phishing Example 92: Details of Your New Salary Raise

Received March 2015

Note: This is a variation of last week's scam hosted again at cphcph.com


 From: UMN HR
 Date: March 21, 2015 at 16:11:31 GMT+1
 To:
 Subject: Details of Your New Salary Raise



 Hello,

 The 2014 salary structure was recently reviewed and it was discovered
 that you are due for a 4.18%

 salary raise on your next paycheck starting March 2015.

 Login below with your credentials to read your salary raise letter.


 Access the documents here xxxxx.com/www.umn.edu/Sign-in.htm



 Faithfully,

Human Resources

University of Minnesota


Thursday, March 19, 2015

Advisory: Notice to Appear in Court (and other lies)

Received March 2015

We've seen an uptick in phishing spam with a bonus - a nasty attachment!

Below are some examples - other emails claim to be invoices, or package shipment details. Treat these as spam, and delete them - the attachments can contain invasive programs that are intended to download malware and infect your computer.

If you've opened one of these attachments, contact your tech support ASAP for assistance. Depending on how invasive the payload is, you may need to reinstall your system!

Beware, and be aware - unexpected email like this is almost certainly fraudulent.


From: District Court
Date: Thu, Mar 19, 2015 at 7:26 AM
Subject: Notice to appear in Court #00000733060
To:

Notice to Appear,

You have to appear in the Court on the March 24.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: If you do not come, the case will be heard in your absence.

You can review complete details of the Court Notice in the attachment.

Kind regards,
Bob Lewis,
District Clerk.





From: District Court
Date: Sun, Feb 15, 2015 at 3:01 PM
Subject: Notice to appear in Court #00383465
To:

Notice to Appear,

You have to appear in the Court on the February 23.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Kind regards,
Timothy Davenport,
Court Secretary.

Tuesday, March 17, 2015

Phishing Example 91: ITS HELP-DESK

Received March 2015


Subject: ITS HELP-DESK
Date: Tue, 17 Mar 2015 14:01:54 +0000
From:

All Faulty\Staff Mailbox Message ! 45GB 50GB
 We currently upgraded to Saver to 50GB inbox space. Please log-in to
your user account to validate E-space.
Your emails won't be delivered by our server, unless email account is confirmed.
protecting your email account is our primary concern,
for account update (Web Mail)
click on Outlook Web Access<hxxp://oultloo.jigsy.com/>
should you have any questions please contact the IT Helpdesk.
Copyright ©2015 ITS Help Desk



Things to note


  • Badly constructed form
  • Form hosted at jigsy.com
  • Misspelling on form
  • Passwords show in clear
  • Not UMN branded


Friday, March 13, 2015

Phishing Example 90: Your New Salary As Adjusted

Reported March 2015

From: UMN HR 
Date: Saturday, March 14, 2015
Subject: Your New Salary As Adjusted
To: 

Hello,
The 2014 salary structure was recently reviewed and it was discovered that you are due for a 4.18%
salary raise on your next paycheck starting March 2015.
Login below with your credentials to read your salary raise letter.

  Access the documents here <hxxp://xxxxxx.com/umn.edu/Sign-in.htm>


Faithfully,
Human Resources
University of Minnesota


Things to note:


  • Very good copy of UMN login page
  • URL hosted at "cphcph.com" - NOT UMN.EDU
  • Duplicate found hosted at "keprc.com" - ALSO, not UMN.EDU
  • Filling form redirects you to UMN.EDU - http://twin-cities.umn.edu/
BE VERY AWARE of login pages and where they are hosted.
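
The hosting check these notes keep coming back to, as an added example (not part of the original post): it compares a link's hostname against umn.edu instead of searching the URL text, so a `umn.edu` path segment like the one in the salary-raise links does not pass. The function names and the example.com URLs are constructed for illustration; the other URLs are the redacted ones shown on this page.

```python
from urllib.parse import urlsplit

TRUSTED = "umn.edu"  # the only hosting domain this page treats as legitimate


def refang(url: str) -> str:
    """Undo hxxp/hxxps defanging and add a scheme when the sample has none."""
    url = url.strip().strip("<>")
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url if "://" in url else "http://" + url


def link_host(url: str) -> str:
    """Hostname the browser would actually connect to (userinfo and path ignored)."""
    return (urlsplit(refang(url)).hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Label a link: trusted, lookalike-host, brand-in-path or off-domain."""
    parts = urlsplit(refang(url))
    host = link_host(url)
    # Exact match or a true subdomain; a bare endswith("umn.edu") would accept notumn.edu.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Brand inside the authority: umn.edu.example.com, www.umn.edu@example.com
    if TRUSTED in parts.netloc.lower():
        return "lookalike-host"
    # Brand only after the first slash, as in the salary-raise samples
    if TRUSTED in (parts.path + "?" + parts.query).lower():
        return "brand-in-path"
    return "off-domain"


SAMPLES = [
    "xxxxx.com/www.umn.edu/Sign-in.htm",        # Example 92 (redacted on the page)
    "<hxxp://xxxxxx.com/umn.edu/Sign-in.htm>",  # Example 90 (redacted on the page)
    "hxxp://oultloo.jigsy.com/",                # Example 91
    "http://twin-cities.umn.edu/",              # redirect target after form submit
    "http://umn.edu.example.com/login",         # constructed
    "http://www.umn.edu@example.com/",          # constructed
    "http://notumn.edu/",                       # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):15} {link_host(s):28} {s}")
```
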

Wednesday, March 11, 2015

Phishing Example 89: IMPORTANT NOTICE: Secure Your Mailbox Account

Received March 2015

From: "
Date: Mar 11, 2015 12:48 PM
Subject: IMPORTANT NOTICE: Secure Your Mailbox Account
To:
Cc:

*New ZixCorp secure email message from xxxx@xxxxx.xxx
*Open Message
<hxxps://zixmessagecenter.com/s/e?m=xxxxxxxxxxx>

To view the secure message, click Open Message.

The secure message expires on Mar 25, 2015 @ 05:48 PM (GMT).

Do not reply to this notification message; this message was auto-generated
by the sender's security system. To reply to the sender, click Open Message.

If clicking Open Message does not work, copy and paste the link below into
your Internet browser address bar.
hxxps://zixmessagecenter.com/s/e?

Want to send and receive your secure messages transparently?
Click here <hxxp://www.zixcorp.com/info/zixmail_ZMC> to learn more.


Things to Note:
  • Mail comes from a compromised zixmail user (https://en.wikipedia.org/wiki/Zix_Corp)
  • Mail provides a link to a Weebly run page
  • NONE of the links are hosted on UMN.EDU pages.

Thursday, March 5, 2015

Phishing Example 88: Important account information update

Received March 2015


From: University of Minnesota <xxxxxx@georgetown.edu>
Date: Thu, Mar 5, 2015 at 1:38 PM
Subject: Important account information update
To:

 
*Hello University Members,*
 
You are required to update your University of Minnesota account information
due to recent update in our database. Please follow the link below to
update your account information.
 
University of Minnesota Account Update
<hxxp://xxxxx.es/includes/db/umn/access_web.htm>
 
Regards,

The University of Minnesota

Things to note:

  • URL is NOT from "umn.edu," - it's hosted in Spain.
  • VERY good copy of current login page
  • IF a person fills it out, it redirects to myu.umn.edu and will show you what appears to be the same login page. Users will probably assume they mistyped their password and re-enter it, THEN get a successful login.




Monday, March 2, 2015

Phishing Example 87: University Mail Update: Alert

Received March 2015

Alarming message requesting (by email) an ID and password to clear the recipient regarding a terror threat email. Unusual for

  • connecting the scam to a "terror threat" as well as 
  • expecting a reply by email instead of filling in a form: