
Friday, October 24, 2014

Phishing Example 73: IT Help Desk Requirement

Received October 2014

Simple spam requesting login credentials via email.

Message text:

   Subject: IT Help Desk Requirement
   Date: Fri, 24 Oct 2014 09:46:08 +0100
   From: IT Help Desk <xxxxxxxx@gmail.com>
   Reply-To: xxxxxxxx@gmail.com
   To: undisclosed-recipients:;
   Hello,
   A shadow server upgrade is been carried out. A bigger and better
   server is been employed to meet with up-to-date information technology
   services. In order to ensure that your files, folders and accessories
   are accurately updated, do endeavor to submit the following info:
   Your Email:
   Your User Login:
   Your User Password:
   If you disregard this instruction, your account would not be updated
   at the completion of this upgrade. This means that your current login
   credentials would be null and void and also note that lost account
   properties may not be recovered after upgrade is completed if you do not
   comply. Do note that during this exercise, your account credentials and
   particulars will not be altered and you will receive a notification to
   change them yourself here after.
   Thank You.
   Help Desk
   Information Technology

Thursday, October 23, 2014

Phishing Example 72: IMPORTANT****** System Admin Team

Received late September 2014:

This very deceptive message pointed to a page hosted at a URL that was NOT at a umn.edu address, but that included text resembling the umn.edu URLs used for logins.

The URL address was at
                        university-of-minnesota.system-info.info

(Note: this site has been taken down.) Because the last part of the URL included what looked like a umn.edu address, it may have seemed legitimate.

BE VERY CAREFUL when visiting any page that requests your UMN credentials - the address for logins should only be hosted at a website that BEGINS with 
https://*something*.umn.edu/
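
The rule above as a check, in an added example that is not part of the original post: a substring test accepts every URL below, while a test on the parsed hostname accepts only the real login host. The sample URLs are constructed, and `phish.example` is a placeholder for the attacker's host.

```python
from urllib.parse import urlsplit

TRUSTED_SUFFIX = ".umn.edu"  # per the post: logins live at https://*something*.umn.edu/


def naive_looks_like_umn(url: str) -> bool:
    """The mistake the phishing URL relies on: 'umn.edu' appearing anywhere."""
    return "umn.edu" in url


def is_umn_login_host(url: str) -> bool:
    """True only for an https URL whose *hostname* is a subdomain of umn.edu."""
    if "\\" in url:
        # Browsers treat '\' as '/', urlsplit does not; reject rather than guess.
        return False
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased; excludes userinfo ("x@") and port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    return host.endswith(TRUSTED_SUFFIX) and len(host) > len(TRUSTED_SUFFIX)


# Constructed samples: (url, expected result of the hostname check).
SAMPLES = [
    ("https://idp2.shib.umn.edu/idp/umn/login.html", True),
    # umn.edu appears only in the path, as in the message in this post
    ("http://phish.example/idp2.shib.umn.edu/idp/umn/login.html", False),
    # umn.edu as the left-hand labels of another domain
    ("https://idp2.shib.umn.edu.phish.example/idp/umn/login.html", False),
    # umn.edu in the userinfo part, before the real host
    ("https://idp2.shib.umn.edu@phish.example/login.html", False),
    # lookalike domain that merely ends in the same letters
    ("https://notumn.edu/login.html", False),
    # right host, but not https
    ("http://idp2.shib.umn.edu/idp/umn/login.html", False),
]


def audit(samples=SAMPLES):
    """Return (url, naive_result, hostname_result) for each sample."""
    return [(u, naive_looks_like_umn(u), is_umn_login_host(u)) for u, _ in samples]


if __name__ == "__main__":
    for url, naive, strict in audit():
        print(f"naive={naive!s:5} hostname_check={strict!s:5} {url}")
```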


Message text:

From:
Date: Mon, Sep 29, 2014 at 11:46 AM
Subject: IMPORTANT****** System Admin Team
To:

The Technology Team will be performing a Data Center-wide infrastructure
upgrade to protect against phishing. Please Click here
<hxxp://xxxxxxxxxx.xxx.xx.info/idp2.shib.umn.edu/idp/umn/login.html>
to complete the upgrade. If in rare case you are unable to click the
link, then you can copy and paste the below link on your browser.

hxxp://xxxxxxxxxx.xxx.xx.info/idp2.shib.umn.edu/idp/umn/login.html
Some remaining maintenance may still be undergoing for large improvement
updates that will increase our security. To avoid any complication, it
is mandatory you follow the instruction.

*Thanks,*
*UMN System Admin Team*




THE login page MAY have been like this - similar, but NOT like the UMN login page:



Thursday, October 16, 2014

ALERT: Ebola Phishing Scams and Malware Campaigns

From US-CERT:
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:


  • Do not follow unsolicited web links or attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
  • Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.


Tuesday, October 7, 2014

Phishing Example 71: ALERT!

Received October 2014

Message text:


   Date: Mon, Oct 6, 2014 at 6:09 PM
   Subject: ALERT!  
   To:
   Attention:
   Please be prepared for all systems to be offline for maintenance tomorrow
   night. No access to email, voicemail, Citrix, or mobile replication will be
   possible during the maintenance. All mailbox is undergoing regeneration to  
   the new Microsoft outlook web access 2014. Inability to activate account
   will render your email in-active. Activate by completing the Microsoft
   outlook web access page. Click on the Re-activation link below to begin
   this process. Process is completed once redirected to Google.
   Re-activation <hxxp://xxxx.xx.xxxxx..com/amd/upd/>
   System Administrator.
   --


Phishing Example 70: IT

Received October 2014

Message Text:

  ---------- Forwarded message ----------
   From: IT HELP-DESK SERVICE.
   Date: Mon, Oct 6, 2014 at 1:33 PM
   Subject: IT
   To:
   We are upgrading Email over the next several weeks We urge all user to
   participate in this upgrade. With the new upgrade, you'll see new features
   and enhancements included.
   GO TO: www.it help-desk /anti-spam <hxxp://xxx.xxx.xxx/> And Submit your
   details for confirmation of account.
   Thanks for your Co-operation.
   IT HELP-DESK SERVICE.



Things to Note:
  • Very simple, unbranded form
  • Clear text password

Wednesday, October 1, 2014

Phishing Example 69: HELP-DESK

Received October 2014

Message text:

  From:
   Date: Wed, Oct 1, 2014 at 9:44 AM
   Subject: RE: HELP-DESK
   To:
   Dear Your Mailbox Account User Your mailbox is full.  
   465MB 500MB
   Current size Maximum size
   Your mailbox can no longer send messages. Please reduce your mailbox
   size. CLICK
   HERE <hxxp://xxxxxxx.tripod.com/> to reduce your mailbox
   size


Things to note:


  • From Tripod.com, not umn.edu
  • Password in clear text