Go to the U of M home page

Tuesday, November 21, 2017

Example 209: Library Notifications

Bogus warning forged as from UMN library - links to a clone of UMN login page via wisc.edu quicklink.

Message text
From: University of Minnesota Libraries <libraries@ umn. co> <<--NOTE "UMN.CO" senderDate: Tue, Nov 21, 2017 at 7:39 AMSubject: Library NotificationsTo: 

Dear Library User,
Our records show that your access to University of Minnesota Libraries System is about to expire. Due to security precautions established to protect University Libraries System, you have to renew your library account on a regular base, so please use the following link
(Note: this fake link in TEXT, really links to a go.wisc.edu quicklink to a fake UMN login)
After your successful authentication, your access will be restored automatically and you will be redirected to the library homepage. If you are unable to log in, please contact the library help desk for immediate assistance. We apologize for any inconveniences this may have caused.

Thank you,

University of Minnesota Libraries 309 19th Ave S, Minneapolis, MN 55455libraries@umn.edu  <<---NOTE non-existent "libraries@umn.edu" address
Web Form

Forged UMN login page
Forged UMN login page
Things to Note:

  • Email comes from "umn.co," not "umn.edu" 
  • Displayed URL appears to be a umn.edu address, 
  • BUT goes instead to a wisc.edu URL-shortener service 
  • Final URL includes "umn.edu" but ends in "citt.cf"
  • IF you "logged in" you will be redirected to the UMN library site - if you did this change your password ASAP!

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.