Received November 2014:
From: University of Minnesota <XXXXX@xxxxxxx.edu>
Date: Sat, Nov 29, 2014 at 3:07 PM
Subject: Urgent Update From Umn.edu
To:
*Dear Umn.edu User,*
*Due to the newest upgrade to our database, we have placed your four
incoming mails on pending status .In Order to receive the four new
messages, Click Here
<hxxp://xxxxx.weeklynepal.com/wp-includes/pomo/redirect.php>to login and
wait for response from our email support team.We sincerely apologize for
any inconveniences and appreciate your understanding..Thank you.*
The link takes you to an exact copy of the University's login page, but the URL is false.
Phishing Scams Targeting the UMN
Saturday, November 29, 2014
Friday, November 21, 2014
Phishing Example 77: Review Documents
Received November 2014:
---------- Forwarded message ----------
From:
Date: Fri, Nov 21, 2014 at 7:53 AM
Subject: Review Documents
To:
I want you to see this, its very important. Just CLICK HERE
<hxxp://ixxxxxxxxxx/language/overrides/index0032.php> and sign in to
view. The file is too large so I couldn't attach it.
--
Tricky fake Google page - aimed at harvesting Gmail/AOL/Yahoo or Microsoft passwords:
---------- Forwarded message ----------
From:
Date: Fri, Nov 21, 2014 at 7:53 AM
Subject: Review Documents
To:
I want you to see this, its very important. Just CLICK HERE
<hxxp://ixxxxxxxxxx/language/overrides/index0032.php> and sign in to
view. The file is too large so I couldn't attach it.
--
Tricky fake Google page - aimed at harvesting Gmail/AOL/Yahoo or Microsoft passwords:
Double tricky - they look for more info on you:
Hat trick! They send you to an "Art page" since the original email came from an account at an Art museum!
Wednesday, November 12, 2014
Advisory: Payroll Theft Scheme
Novermber 2014
REN-ISAC has released an important advisory regarding payroll theft schemes tied to phishing.
The advisory notes that several peer institutions have been affected, and is available at
http://www.ren-isac.net/
Phishing Example 76: Deceptive Login, Deceptive URL
Discovered November 2014
Here's an example of a very deceptive phishing page we discovered recently.
This page uses a copy of the real University login page. Almost every link on the page goes to the right (i.e. .UMN.EDU based) place, except the part that takes your ID AND PASSWORD! The URL for the page even looks like the real login page - except the ending of the URL adds "lib1.in" to the end.
Here's an example of a very deceptive phishing page we discovered recently.
This page uses a copy of the real University login page. Almost every link on the page goes to the right (i.e. .UMN.EDU based) place, except the part that takes your ID AND PASSWORD! The URL for the page even looks like the real login page - except the ending of the URL adds "lib1.in" to the end.
Be aware of the URL when you click on a link!
Be wary of anything asking for your University ID and password!
Tuesday, November 4, 2014
Phishing Example 75: Admin Help Desk
Received November 2014
Message Text:
From:
Subject: Admin Help Desk
Due to technical reasons, we are expanding and upgrading all Mailbox immedi=
ately. Please CLICK HERE<hxxp://contactme.com/xxxxxxxxx> and=
fill the form completely. click submit for validation.
Message Text:
From:
Subject: Admin Help Desk
Due to technical reasons, we are expanding and upgrading all Mailbox immedi=
ately. Please CLICK HERE<hxxp://contactme.com/xxxxxxxxx> and=
fill the form completely. click submit for validation.
Things to note:
- Odd spelling of words.
- Clear text password display.
- No UMN branding.
- Hosted at "ContactMe.com," not "umn.edu."
Monday, November 3, 2014
Phishing Example 74: Notice
Received November 2014:
Message text:
From: Webmaster@
Date: Sun, Nov 2, 2014 at 9:02 PM
Subject: Notice
To:
Following security breach on our server. All account owners are to update
his / her account for upgrade, CLICK or COPY ( xxxxx.webs.com )
to update your account.
Technical Support
Message text:
From: Webmaster@
Date: Sun, Nov 2, 2014 at 9:02 PM
Subject: Notice
To:
Following security breach on our server. All account owners are to update
his / her account for upgrade, CLICK or COPY ( xxxxx.webs.com )
to update your account.
Technical Support
Things to note:
- odd anti-filter spellings of "userid" and "password."
- Passwords display in the clear.
- Not from umn.edu.
- Hosted at a commercial web page provider.
- Page includes a link for "photo albums."
Subscribe to:
Posts (Atom)
© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.