Wednesday, July 8, 2015

Phishing Example 104: Coordinated Phishing Campaign

Reported July 2015

We are seeing a coordinated set of phishing messages aimed at harvesting information from the University community. Please report any such mail you've received to phishing@umn.edu.

If you have entered your login information on such a fraudulent page, change your password immediately. If you have revealed personal or financial information, please refer to https://www.identitytheft.gov/ for steps to secure your information.

First - emails are sent to steal login information:

Subject: School Mail Box Validation
   Date: Wed, 8 Jul 2015 06:55:55 +0100
   From: ctl HELP-DESK

It has been our pleasure to provide you with an umn.edu campus login and
email account in the past. Please be advised that effective 11/07/2015 we will
be deleting accounts whose account has not been validated yet.
 Re-Validate< Click Here>

Please make arrangements to move valued email messages to another email
account before the above date, as all messages will be deleted along with the
accounts at that time if you no longer need it.
Thank you for your attention.

(NOTE: some of these come from outside the U, but once the attackers have phished some accounts, this message and the rest are sent from UMN accounts, and the forms are hosted on UMN Google.)

NEXT - Phished login information is used to set up a variety of forms used to steal financial information. Phished accounts are then used to send this email to UMN community members.

To :  <undisclosed-recipients:;>
Date : Wed, 08 Jul 2015 01:12:37 -0500
Subject : Visa/Master Card Verification
============ Forwarded message ============
 Dear Esteemed Customer,
 Due to some suspicious activities, we advice you verify your VISA/MASTER CARD details.
 Please click here < Verify >  to verify your card.
 For your safety this link will expire within 6 hours 
 © Copyright 1996-2015 Visa. All Rights Reserved.

*From:* ctl@umn.edu.RE-VALIDATE 
      (NOTE: ctl@umn.edu is a non-existent UMN address)
*Sent:* Wednesday, July 08, 2015 4:03 AM
*Subject:* Easy Fast And Reliable??

*Internal Revenue Service Record Shows You Are Still Yet To Validate.*
Update your *Internal Revenue* *Record* immediately today,
validation of your identity due to the new health care *Service* and much
click here to -  *< Validate >

USA.gov is the U.S. government's official web portal.
*For your protection, this link would expire in six hours*
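
The sender shown above, ctl@umn.edu.RE-VALIDATE, places the campus domain in front of extra labels so that it reads as a UMN address. The following is an added example, not part of the original post: a small Python check that separates real umn.edu senders from such lookalikes. The function names and every sample header except the first are constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "umn.edu"  # the real campus mail domain named on the page


def classify_sender(from_header, org=ORG_DOMAIN):
    """Classify a From: header value as 'internal', 'lookalike' or 'external'."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    # Genuine only when the org domain is the domain itself or its suffix.
    if domain == org or domain.endswith("." + org):
        return "internal"
    # Org domain used as leading or middle labels, e.g. umn.edu.RE-VALIDATE.
    labels, want = domain.split("."), org.split(".")
    embedded = any(labels[i:i + len(want)] == want for i in range(len(labels)))
    # Org domain shown only in the display name or the local part.
    if embedded or org in display.lower() or org in local.lower():
        return "lookalike"
    return "external"


def flag_lookalikes(from_headers):
    """Return the header values that borrow the org domain without belonging to it."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]


# Constructed sample headers; only the first value appears on the page.
SAMPLES = [
    "ctl@umn.edu.RE-VALIDATE",
    "Jane Doe <jdoe@umn.edu>",
    "Lab Staff <staff@dept.umn.edu>",
    '"umn.edu HELP-DESK" <helpdesk@mail.example.net>',
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

Messages sent from accounts that have already been phished classify as internal, so this check covers only the first-stage mail with a borrowed domain, not the later mail the note above describes as coming from UMN accounts.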

