Go to the U of M home page

Tuesday, November 22, 2016

Example 174: INVITATION TO ACCESS NECESSARY DOCUMENT [DOCX..313]

PDF from compromised user, goes to fake Google login
Received November 2016

Things to note

  • Email comes from a compromised umn.edu user's account
  • Multiple subject lines used, all about "document" requiring review
  • Attached PDF contains a link to a fake website (we've seen multiple including from the UK and Italy) that has a fake Google login form
  • Filling in page redirects to real Google Drive or a dummy document.


Message:

From: "X Xxxxx" <xxxxx @ umn.edu>
To: Subject: INVITATION TO ACCESS NECESSARY DOCUMENT [DOCX..313]
Date: Tue, 22 Nov 2016 11:22:13 -0400
Hello,
Please go through file report which i just shared with you,
it's need your prompt attention,
 Access Attached document and let me know if you have questions

PDF with link

dummy PDF used to deliver link to phishing form
dummy PDF used to deliver link to phishing form


Fake Login Form
Fake Google Login / includes multiple email providers (Google DOES NOT)
Fake Google Login / includes multiple email providers (Google DOES NOT)

Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.