Thursday, November 10, 2016

Example 170: University Of Minnesota Required Update For All Staffs

PDF forged as from President Kaler; links to a fake Dropbox doc with a "Google" login.
Received November 2017

Things to note

  • Email comes "from" President Kaler, but was really sent from a compromised user's account
  • Attachment is a PDF that exists only to deliver a link to a fake login
  • Attachment says "Dropbox" doc, but the link goes to a fake Google login
  • "Logging in" flips to the real Google Drive: a user who is logged in to Google will see their own Drive; otherwise they'll see a Google login


Message Text:

From: compromised user < xxxx@ .umn.edu>
Date: Thu, Nov 10, 2016 at 9:59 AM
Subject: University Of Minnesota Required Update For All Staffs
To:
 
Office of the President
Dear All,
Attached is an important update for you,  Download and verify your email
identity.
P.S: If you do not verify your email identity, there will be restrictions
accessing your email.

Sincerely,
Eric W. Kaler
President
------------------------------
This email was sent to faculty, staff and students at the University of
Minnesota, Morris by: Office of the President, 202 Morrill Hall, 100 Church
St S.E., Minneapolis, MN, 55455, USA. Read our privacy statement
<http :// click.ecommunications2.umn.edu/.... copied link to make it look real> 

PDF with link to login form
fake Dropbox pdf with link to fake login page

Fake Login 
Fake "Google" login page with multiple email providers


"Error" message following login
Error message after filling in login form

Sends to REAL Google Drive/Docs
Real Google Drive login presented if user not logged in to Google
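
Two of the mismatches noted in this example can be checked mechanically during mail triage: the name in the signature does not appear in the From header, and the PDF names one brand while its link points somewhere else. The following Python sketch is an added example, not part of the original post. The brand-to-domain table, the function names, and the sample message and PDF fragment (with example.edu and example.net addresses) are constructed for illustration, and the link extraction assumes the PDF's link annotations are stored uncompressed.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed mapping of brand names to the domains that brand really uses.
BRAND_DOMAINS = {"dropbox": ("dropbox.com",), "google": ("google.com",)}
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def pdf_link_hosts(pdf_bytes):
    """Hosts of /URI link actions found in uncompressed PDF objects."""
    hosts = set()
    for raw in URI_RE.findall(pdf_bytes):
        host = urlparse(raw.decode("latin-1")).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def triage(msg, claimed_sender):
    """Return findings for the sender mismatch and the brand/link mismatch."""
    findings = []
    if claimed_sender.lower() not in msg["From"].lower():
        findings.append("signature names %r but From is %s" % (claimed_sender, msg["From"]))
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/pdf":
            continue
        data = part.get_content()  # decoded attachment bytes
        for brand, domains in BRAND_DOMAINS.items():
            if brand.encode() not in data.lower():
                continue  # the PDF does not mention this brand
            for host in sorted(pdf_link_hosts(data)):
                if not any(host == d or host.endswith("." + d) for d in domains):
                    findings.append("PDF mentions %s but links to %s" % (brand, host))
    return findings

def build_sample():
    """Constructed message and PDF fragment modelled on this phishing example."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (http://docs.example.net/login) >> >>\nendobj\n"
           b"2 0 obj\n(Dropbox: view shared document)\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = "Compromised User <user@example.edu>"
    msg["Subject"] = "University Of Minnesota Required Update For All Staffs"
    msg.set_content("Office of the President\nDear All,\n...\nSincerely,\nEric W. Kaler")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="update.pdf")
    return msg

if __name__ == "__main__":
    for finding in triage(build_sample(), "Eric W. Kaler"):
        print(finding)
```

A PDF whose link annotations sit inside compressed object streams will show no links to this regex, so an empty result is not evidence that the attachment is clean.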
