
Thursday, March 29, 2018

Advisory: IC3 Issues Alert on Tech Support Fraud

IC3 Issues Alert on Tech Support Fraud


Original release date: March 29, 2018
The Internet Crime Complaint Center (IC3) has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending emails to entice users to accept fraudulent tech support services. Users should not give control of their computers or mobile devices to any stranger offering to fix problems.
NCCIC/US-CERT encourages users and administrators to refer to the IC3 Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint with the IC3 at www.ic3.gov.

See also:

Omitting the “o” in .com Could Be Costly

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”


Matthew Chambers is a senior security adviser at SecureWorks, an Atlanta-based firm that helps companies defend against and respond to cyberattacks. Earlier this month Chambers penned a post on his personal blog detailing what he found after several users he looks after accidentally mistyped different domains — such as espn[dot]cm. ...

Wednesday, March 28, 2018

Example 215: Library

Well-crafted warning "from" the library leading to a login page intended to steal login credentials.

Message Text:

From: Library Services <txxx  @   xxxxx.edu.tr>
Date: Wed, Mar 28, 2018 at 4:25 PM
Subject: Library
To:

Dear User,
This message is to inform you that your access to the library will soon
expire. You will have to login to your account to continue to have access
to this service.
You can reactivate it by logging in through the following URL. A successful
login will activate your account and you will be redirected to your page.   
   hxxp://login.umn.xxxx.ga/idp/profile/SAML2/Redirect 

If you are not able to login, please contact Sarah Miller at
    xxxx@umn.edu (fake email) for immediate assistance.
Sincerely,
Sarah Miller (not a library staff member)
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South

Web Form:


forged UMN web login

Things to Note:

  • Web URL is NOT at *.umn.edu
  • Email comes from a Turkish (.tr) address
  • Email in letter is a nonexistent UMN address
  • Filling in the form (please don't!) redirects to the REAL UMN login

Monday, March 26, 2018

Example 214: UNIVERSITY OF MINNESOTA

Fake message claiming to be from the UMN leading to a login page aimed at stealing passwords.

Message text:
From:
Date: Mon, Mar 26, 2018, 9:56 AM
Subject: UNIVERSITY OF MINNESOTA
To:

Dear Staff/Students,
Due to the recent migration to 2018© web server, you are requested to
update your record within the next 24hrs to validate your existing
information in order to keep your record up to date.
*Kindly click **Verify or Update* <hxxs://xxxxxxx.weebly.com/>* to
access your set up
Copyright © 2018 Outlook Mail! Inc..
Web Form:

fake UMN webform
Things to Note:

  • Not from a UMN.EDU email
  • Web form hosted at "weebly.com" (free web page provider)
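
The "Things to Note" checks for Examples 215 and 214 come down to comparing the real host of each link and sender address against umn.edu on a label boundary, so that a host such as login.umn.xxxx.ga is not mistaken for a University site. The sketch below is an added example, not code from this blog or the University; the function names, the single trusted parent domain and the stand-in sender address are assumptions.

```python
from urllib.parse import urlsplit

TRUSTED_PARENT = "umn.edu"  # assumption: the only trusted parent domain


def refang(value: str) -> str:
    """Undo the defanging used in the examples (hxxp/hxxs, [dot])."""
    value = value.strip().replace("[dot]", ".")
    for fake, real in (("hxxps://", "https://"), ("hxxp://", "http://"),
                       ("hxxs://", "https://")):
        if value.lower().startswith(fake):
            return real + value[len(fake):]
    return value


def host_of(value: str) -> str:
    """Lowercase hostname of a URL, or the domain part of an email address."""
    value = refang(value)
    if "://" not in value:
        if "@" in value:                      # bare email address
            value = value.rsplit("@", 1)[1]
        value = "//" + value                  # let urlsplit treat it as a host
    return (urlsplit(value).hostname or "").rstrip(".").lower()


def is_under_trusted(value: str, parent: str = TRUSTED_PARENT) -> bool:
    """True only for the parent itself or a host ending in '.<parent>'."""
    host = host_of(value)
    return host == parent or host.endswith("." + parent)


def triage(sender: str, links: list[str]) -> list[str]:
    """Return one finding per sender or link host outside the trusted parent."""
    findings = []
    if not is_under_trusted(sender):
        findings.append(f"sender domain {host_of(sender)} is outside {TRUSTED_PARENT}")
    for link in links:
        if not is_under_trusted(link):
            host = host_of(link)
            lure = " and borrows 'umn' as a label" if "umn" in host.split(".") else ""
            findings.append(f"link host {host} is outside {TRUSTED_PARENT}{lure}")
    return findings


if __name__ == "__main__":
    # Sender is a constructed stand-in; links are the redacted ones from the examples.
    for line in triage("sender@example.edu.tr",
                       ["hxxp://login.umn.xxxx.ga/idp/profile/SAML2/Redirect",
                        "hxxs://xxxxxxx.weebly.com/"]):
        print(line)
```

A sender address inside umn.edu is not proof of legitimacy, because the From header can be forged; the check only flags the mismatches the examples list.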

Tuesday, March 20, 2018

Advisory: Facebook Phonies

Fraudulent pages attempt to lure incoming students into fake University Facebook Groups.

STATEMENT FROM THE UNIVERSITY OF MINNESOTA
Each year as students confirm their enrollment to the University of Minnesota, they receive an official Welcome email that lists next steps—such as reminders to apply for financial aid and housing—and other options to consider before their New Student Orientation in the summer. 
Included in that email is information about a closed Facebook group created by the University of Minnesota that is just for students in the incoming class. The University works to verify that only confirmed freshmen are accepted to the group so that these students can connect with others in their cohort without the distraction of marketing efforts or misrepresentation. 
Students should be aware that an official University of Minnesota Facebook page or group would never:
•    endorse or promote the purchase of commercial products or services that are unaffiliated with the University of Minnesota;
•    ask for personal or student data, such as a student ID, social security number or other personal identification data;
•    solicit payment or purchasing information for any reason through these channels.
As for outside entities, actions are limited when a page clearly identifies itself as unofficial, independently run and unaffiliated with the University. In some circumstances, Off-Campus Living - a unit of the Office for Student Affairs - will join unofficial groups to monitor for and respond to questions within the unit's area of focus. If an applicant has questions about a particular page or group, they are encouraged to contact Orientation & Transition Experiences.