Go to the U of M home page

Wednesday, April 29, 2015

Phishing Example 95: Notice - Message Board

Received April 2015

From: myUMN UMN Service Desk
Date: Tue, Apr 28, 2015 at 7:40 PM
Subject: Notice - Message Board
To:

            [image: MinnesotaGoldenGophers.png]

You have an important message at you Message Board. We could not verify
your Single Sign-On. Did you recently change your..... Update Needed

View this Message
<hxxp://xxxxx.com.au/wp-includes/css/umn/UniversityofMinnesota.html>


Things to note:

  • Examples reported were sent from compromised @umn.edu email accounts.
  • Presents a good copy of the real UMN login page.
  • URL reveals the login page is hosted at a compromised WordPress site in Australia!

Thursday, April 16, 2015

Phishing Example 94: Find PDF Copy (yet another fake document share)

Received April 2015

From:
Date: Thu, Apr 16, 2015 at 11:30 AM
Subject: Find PDF Copy
To:

[image: Spreadsheet]
I've shared an item with you.

          [image: Spreadsheet]Retrieve Document
<hxxp://xxxxxxx.com/view8/instructions/up/index.php>

Google Docs makes it easy to create, store and share online documents,
spreadsheets and presentations.



  • Again - NOT hosted at the University
  • NOT what a real Google Doc login looks like.
  • See http://phishing.it.umn.edu/2015/01/advisory-logging-on-to-university.html
  • Anyone who did reply with their account information should reset their password and account secrets immediately at http://www.umn.edu/myaccount

Wednesday, April 15, 2015

Phishing Example 93: Its Help Desk

Received April 2015

Subject: RE: Its Help Desk

Dear E-mail User.

Your EMAIL ACCOUNT PASSWORD Expires Today, to UPDATE Please Click LOGON
<hxxp://xxxxxxx.wix.com/outlookwebapp> and Follow Instructions.

ADMIN HELP DESK
Connected to Microsoft Exchange
© 2014 Microsoft Corporation. All rights reserved

notes:

  • No UMN branding at all.
  • Hosted at wix.com - not umn.edu.
  • Password displays in clear text.

Important - 

The University DOES mandate passwords be changed at least once a year, and currently DOES send out reminders. Those reminders contain information about this policy AND links to supporting
information.


Tuesday, April 7, 2015

Advisory: FBI Warns of Fake Govt Sites

Krebs on Security posted a reminder of recent FBI announcements:

The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers.



The FBI advice regarding the fake government sites is good practice for engaging in transactions on the internet - research and review before contacting online services:

Below are some consumer tips when using government services or contacting agencies online:

  • Use search engines or other websites to research the advertised services or person/company you plan to deal with.
  • Search the Internet for any negative feedback or reviews on the government services company, their Web site, their e-mail addresses, telephone numbers, or other searchable identifiers.
  • Research the company policies before completing a transaction.
  • Be cautious when surfing the Internet or responding to advertisements and special offers.
  • Be cautious when dealing with persons/companies from outside the country.
  • Maintain records for all online transactions.
As a consumer, if you suspect you are a victim of an Internet-related crime, you may file a complaint with the FBI’s Internet Crime Complaint Center atwww.IC3.gov.

Also mentioned - hacked sites taking advantage of out-of-date Wordpress installations:


http://www.ic3.gov/media/2015/150407-1.aspx