From: UMN Help Desk <XX Compromised USER @ umn.edu>
Date: Tue, Mar 8, 2016 at 8:32 AM
Subject: [ UMN ] NetID
Hello user ,
We have placed a temporal hold on two incoming mails to your account due to
To continue receiving messages, follow https://mail.umn.edu
<hxxp://bit.ly/ address> and validate your service.
This helps us stop automated programs from sending junk email.
We apologize for any inconvenience and appreciate your understanding.
UMN account team.
- sent from a compromised UMN.EDU user account
- uses bit.ly to obscure the destination (yeattsdirect.com)
- Very good copy of UMN login page
- URL obscured in the browser (see image below)
|click to expand - not obscured URL|