Go to the U of M home page

Friday, November 4, 2016

Example 167: Please view classified information to all staffs

PDF "from" Pres. Kaler with link to fake Google login
Received November 2016

Things to note

  • Message says "from President Kaler" but sender email is a compromised student account
  • Attachment contains a PDF only to deliver a link to a fake Google login
  • Google login (not *at* google.com) presents multiple email provider choices - Google doesn't do that

Message Text:
From: President Eric W. Kaler <  compromised user account@umn.edu>
Date: Fri, Nov 4, 2016 at 12:49 PM
Subject: Please view classified information to all staffs
To:

Hi,
please go through file report which i just shared with you,
it's need your prompt attention, Access Attached document
let me know if you have questions.
Sincerely
ERIC W. KALER
President
PDF with link to login form
PDF send to deliver link to phishing form
PDF send to deliver link to phishing form

Fake Login Form
Fake Google login - including non-Google email choices
Fake Google login - including non-Google email choices

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.