Go to the U of M home page

Wednesday, September 30, 2015

Phishing Example 111: (multiple) Contract page / Heads up pages / Waldo page / Important review

Received September 2015


  • Multiple examples seen, similar body, different subjects. 
  • Same link for all - an Indian (.in) website
  • Page goes to a fake Google login (without current Google logo) and non-standard login



From:
Date: Wed, Sep 30, 2015 at 4:18 PM
Subject: Contract page
To:


Very good, attached please find the last sets of paper work Uploaded using
Google drive <hxxp://xxxxxxxxxxx.in/dss/Hot/page/auth/view/document> in
your final review, and don't forget to follow the instruction, to make a
review.

Kind regards


Posted by at No comments:

Wednesday, September 16, 2015

Phishing Example 110: Vital Information

Received September 2015

From:
Date: Wed, Sep 16, 2015 at 10:37 AM
Subject: Vital Information
To:

Hello

I've Shared a secure file Document attached with Google icon

CLICK DOCUMENT

*Regards*



NOTE:

  • Old Google logo
  • Includes non-Google logins (Google doesn't)
  • Hosted at a .IN (India) address
Posted by at No comments:

Friday, September 11, 2015

Phishing Example 109: Updated Purchased labor report (et al)

Received September 2015

Multiple subject lines, all going to the same URL

Other subject lines:

  •  FY13 Rates
  • financial report
  • floor replacement

Email message goes to a fake google doc login page

Note out-of-date Google branding

Clicking on the link gives you the choice of logging in with MULTIPLE(!) email accounts?


Note also the website is hosted at an Iranian site (.ir ending) which appears to be hosted in France.

Posted by at No comments:

Tuesday, September 8, 2015

Phishing Example 108: Urgent

Received September 2015

From: Bernice Martin
Date: Tue, Sep 8, 2015 at 12:08 PM
Subject: Urgent
To:
g
GGoogle Drive
Bernice uses Google unit to safely share files with you safely!

View - Download files <hxxp://xxxxxxx/XXXXX>

*scan011.pdf           *

*scan012.pdf*

Bernice Martin
Accountant


Note: 
  •    Not a normal Google or UMN login
  •    Login not hosted AT Google.


Posted by at No comments:

Phishing Example 107: Scanned Documents

Received September 2015

*From: *Neil Morris <neilhmorris@yahoo.com>
*Date: *September 8, 2015 8:18:20 AM CDT
*Subject: **RE: Scanned Documents*
*Reply-To: *Neil Morris <neilhmorris@yahoo.com>


You have a pending incoming docs shared with you via Dropbox
Click to open: *SECURE MESSAGE
<hxxp://db.vXXXXs.com/R-viewdoc/Re-viewdoc/index.htm>*

I've shared a secured file document attached with Google Drop Box.
.

Notes:

  • The University does not use Dropbox for sharing.
  • The link does NOT go to dropbox.com
  • The link offers multiple non-umn logins
What? This said Dropbox, but shows Google.
That is NOT the UMN Google login.

Ends at some bogus (and out-of-date) document


Posted by at No comments:
Subscribe to: Posts (Atom)

© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.