Go to the U of M home page

Monday, April 17, 2017

Example 196: ID:431 -Account Reset Notification

Account termination warning aimed to get your password.

Message Text:

Sent: 17 April 2017 17:25
Subject: ID:431 -Account Reset Notification
      This message is sent from a trusted sender.
Account Confirmation
Dear User,
We received a request from you yesterday to terminate your account
permanently and we are working on that now. but first we need to confirm, If
you did not request this, please follow this link to
hxxp://xxxxxxxxxxxxxxx/help-desk.html   to cancel the
request immediately.
If you actually request to delete your account, please ignore this email.
Thank you for using Microsoft services . .
Web Form

Fake login page - with working captcha!
Fake login page - with working captcha!

scammer provided "privacy policy"
scammer provided "privacy policy"

Things to note:

  • Web form and message have no U of Mn branding
  • Form refers to Microsoft Outlook mail - UMN uses Google
  • Form has a working "captcha" - you have to enter the right info to proceed
  • Form even has a "privacy policy" telling you YOU ARE SAFE (no, you are not if you enter your password here).

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.