Simple phishing attempt offering "email upgrade"
Message Text:
Subject: WEBMAIL UPGRADE
To: "Recipients"
From: "IT HELP DESK" <webmaster@xxxx-info>
Date: Mon, 03 Dec 2018 22:54:22 -0800
Your webmail quota has exceeded the set quota which is 2GB. you are currently running on 2.3GB to re-activate and increase your webmail quota please verify and update your webmail Account by clicking the link hxxp://www.some-domain-here.cf/ fill the form for upgrade.
Webform:
 |
| fake login webform from CF domain |
Things to Note:
- No "UMN" branding
- Email not from a @umn.edu sender
- Message really comes from a gmail.com address, but reads "From" a .info address
- Webform not encrypted - not https, but http - most browsers warn against putting passwords in such forms
- Form hosted at a .cf (Central African Republic) address, not UMN.EDU
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.