Go to the U of M home page

Tuesday, October 11, 2016

Example 162: Web-mail Security update

Attached PDF with link to fake UMN login - Received October 2016

Things to note:


  • Comes from "Mail Server," but email link is to a user account.
  • Includes a PDF attachment (see below) carrying a link to the fake login.
  • Login page copies (not exactly) the NEW UMN login page (see below). Fake page is missing wordmark and small icons seen in the real page. 
  • Fake page not hosted at umn.edu
  • The University does NOT send PDFs just to point users to a login page - this was a trick to avoid spam filters.


MESSAGE TEXT:
From: Mail Server < compromised user account @ umn.edu>
Date: Mon, Oct 10, 2016 at 4:46 PM
Subject: Web-mail Security update
To:
Preview 'attached' document and act as instructed to keep you safe from online threat.
ATTACHED PDF:
FAKE LOGIN PAGE:
Copy of NEW UMN login - is missing complete branding

REAL LOGIN PAGE:
REAL UMN login page. Includes Full branding and icons.
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.