Go to the U of M home page

Friday, January 23, 2015

ADVISORY: Logging on to University Google resources


From time to time, you will see phishing schemes that claim to be a Google Doc. Most recently, many have received a scam letter titled "I've shared an item with you." The "google link" in the email doesn't go to Google, of course - and it presents a login that looks like this:


Currently, a REAL Google login should look like this:



But, be careful. Looking like this is not enough.

(PLEASE note - if you are  already logged in to gmail, following a link to a google doc should NOT present you with a login - you're already logged in.)

When

  1. You ARE prompted to login to a resource for the University, 
  2. AND you receive the Google prompt,
  3. DO NOT enter your password.
  4. Just present your email address, e.g. internet-id@umn.edu
Like this:



If it's legitimate, you may next see:
(You'll see this if Google thinks you have two versions of NAME@umn,edu, Choose "Organizational")


You'll do your real Internet ID + Password login on this screen: 



Remember, if legitimate, THIS login page will be hosted at an address that ends in "umn.edu." If it isn't, it is unlikely to be a real login page and you should report it to phishing@umn.edu.



Tuesday, January 20, 2015

Phishing Example 84: Powered By Google© 2015

Received January 2015

Subject: Powered By Google© 2015 
Date: Wed, 21 Jan 2015 04:12:04 +0400 
From: "Google© 2015" <googleaward@europe.com>

Dear Google User,

You have been selected as a winner for using Google services. Find attached email with more details.

Congratulations,

Matt Brittin
Chairman of the Board and Managing Director,
Google United Kingdom.
©2015 Google Incorporation.

Note: Do not download or open the attachment. 

Thursday, January 15, 2015

Phishing Example 83: I've shared an item with you.

received  January 2015:

Subject:    I've shared an item with you.
Date:   Thu, 15 Jan 2015 17:00:17 +0100
From:
To:     undisclosed-recipients:;



Hello,

I've shared a document with you, It's not an attachment -- it's stored
online at Google Drive. To open this document, Go to
hxxp://drive.google.com <hxxp://xxx.xx.xx.br/wp-content/access> and
just sign in with your email to view.

---Note: You'll need to sign into Google Drive with your email address.

Best regards
 
 
 

Notes: 
  • Distributed by a compromised UMN account - probably BCC'd to all contacts.
  • Simple Google Doc login form - NOT A Real Google Login screen, but not shoddy.
  • Filling in form lead to a PDF (below) adding to plausibility.

PDF displayed when you fill in the form

Wednesday, January 14, 2015

Phishing Example 82: ALERT: DOWNLOAD EMAIL QUOTA UPGRADE INSTRUCTION‏

Received January 2015

Date: Wed, Jan 14, 2015 at 1:47 AM
Subject: ALERT: DOWNLOAD EMAIL QUOTA UPGRADE INSTRUCTION‏
To:

Contains only a link called
Download WEBMAIL UPGRADE FORM.pdf


Notes: Do not click the link to download the file.