
Monday, May 9, 2016

Phishing Example 144: Xxxxx Yyyyyy sent you a document....

Received May 2016

Date: May 8, 2016 9:24 AM
Subject: Xxxxx Yyyyyy sent you a document....

Xxxxxx Yyyyyy  has invited you to *view* the following shared documents.

A very common sender is one UMN user who was compromised (other compromised accounts have even sent this mail "as" that user), but we have seen it "from" other false names as well.

Open <hxxp : / /  bit.ly/xxxxxxxxxxx>


  • May come "from" a real colleague (whose email account was compromised)
  • "Shared Document" is linked using a URL shortener like bit.ly
  • Link pulls a JavaScript file from Dropbox to display a web page, but the address bar DOES NOT show a conventional URL; instead you'll see something starting with "data:text"
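
The two link indicators above can be checked mechanically when triaging a reported message. The following is an added example, not part of the original post: the function names, the shortener set and the sample data: URI are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the page names only bit.ly; extend this set for your environment.
SHORTENERS = {"bit.ly"}

# Constructed sample: the page's redacted link plus a made-up data: URI.
SAMPLE = 'Open <hxxp : / /  bit.ly/xxxxxxxxxxx>\ndata:text/html;base64,PGh0bWw+'

def refang(text):
    """Undo the defanging used on the page (hxxp, spaced-out '://')."""
    text = re.sub(r"hxxp(s?)", r"http\1", text, flags=re.I)
    return re.sub(r"\s*:\s*/\s*/\s*", "://", text)

def indicators(url):
    """Return which of the page's warning signs apply to one URL string."""
    url = url.strip()
    # URL schemes are case-insensitive, so match "DATA:" as well as "data:".
    m = re.match(r"data:([^;,]*)", url, flags=re.I)
    if m:
        found = ["data-uri"]
        if m.group(1).strip().lower().startswith("text"):
            found.append("data-text")  # what the address bar shows here
        return found
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ["unparseable"]
    return ["shortener"] if host in SHORTENERS else []

def triage(message_body):
    """Map every http(s) or data: URL in a message body to its indicators."""
    body = refang(message_body)
    urls = re.findall(r"\b(?:https?://|data:)[^\s<>\"']+", body, flags=re.I)
    return {u: indicators(u) for u in urls}

if __name__ == "__main__":
    for url, flags in triage(SAMPLE).items():
        print(flags, url)
```

A shortener hit alone is only a reason to expand and inspect the link; a data: URI whose media type starts with "text" matches what this message shows in the address bar.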
