Go to the U of M home page

Tuesday, March 14, 2017

Example 193: New Payroll Information !

Forged message displaying plausible URL, really linked to a fake UMN login page hosted off umn.edu.  (NOTE: you may have been directed to this page from an educational "phish" message you received recently)

MESSAGE TEXT
From: University of Minnesota <notification@umn.edu>
Date: Mon, Mar 13, 2017 at 7:16 PM
Subject: New Payroll Information !
To: xxxxx@umn.edu

 Dear Member
U have 1 New Notification Regarding Your New Payroll
https://login.umn.edu/idp/profile/SAML2/media/hr/payroll/forms/w2-duplicate-request.pdf
Best Regards,
University of Minnesota
LOGIN FORM

Forged UMN sign in page
Forged UMN sign in page
THINGS TO NOTE
  • Email appears to come from "notification@umn.edu," a non-existent address
  • Email appears to show a umn.edu web address (that does NOT exist), but really goes through a Polish server that redirects to another server to present a
  • Web form that presents a copy of the umn login page, hosted at a compromised .org address


Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.