Tuesday, December 4, 2018

Example 224: WEBMAIL UPGRADE

Simple phishing attempt offering "email upgrade"

Message Text:

Subject:  WEBMAIL UPGRADE
To: "Recipients"
From: "IT HELP DESK" <webmaster@xxxx-info>
Date: Mon, 03 Dec 2018 22:54:22 -0800
Your webmail quota has exceeded the set quota which is 2GB. you are currently running on 2.3GB to re-activate and increase your webmail quota please verify and update your webmail Account by clicking the link hxxp://www.some-domain-here.cf/ fill the form for upgrade.

Webform:


[Image: fake login webform from CF domain]

Things to Note:

  • No "UMN" branding
  • Email not from a @umn.edu sender
  • Message really comes from a gmail.com address, but reads "From" a .info address
  • Webform not encrypted (http, not https); most browsers warn against putting passwords in such forms
  • Form hosted at a .cf (Central African Republic) address, not UMN.EDU
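
The header and link checks from the list above, applied to a raw message, as an added example that is not part of the original post. The sample message is constructed: using the Return-Path header to expose the real sending domain is an assumption, and both hostnames are placeholders because the page redacts the originals.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "umn.edu"  # the organisation the checklist above is written for

# Constructed sample modelled on the message above; the Return-Path header and
# both hostnames are placeholders, not values from the original message.
SAMPLE = """\
Return-Path: <sender@gmail.com>
From: "IT HELP DESK" <webmaster@helpdesk-example.info>
To: "Recipients"
Subject: WEBMAIL UPGRADE

Your webmail quota has exceeded the set quota. Verify your account by
clicking the link hxxp://www.webform-example.cf/ and fill the form.
"""

# Matches live and defanged (hxxp) links
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>]+", re.I)

def in_domain(host, domain):
    # Exact or subdomain match, so "umn.edu.example.cf" does not pass
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = addr_domain(msg["From"])
    env_dom = addr_domain(msg["Return-Path"])
    if not in_domain(from_dom, ORG_DOMAIN):
        findings.append(f"From domain {from_dom} is not {ORG_DOMAIN}")
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From {from_dom}")
    for url in URL_RE.findall(msg.get_payload()):
        parts = urlsplit(url.lower().replace("hxxp", "http", 1))
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append(f"link to {host} is not https")
        if not in_domain(host, ORG_DOMAIN):
            findings.append(f"link host {host} is outside {ORG_DOMAIN}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

The "No UMN branding" item is a visual check and is not covered here.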
