Go to the U of M home page

Saturday, March 21, 2015

Phishing Example 92: Details of Your New Salary Raise

Received March 2015

Note: This is a variation of last week's scam hosted again at cphcph.com

 From: UMN HR
 Date: March 21, 2015 at 16:11:31 GMT+1
 To:  Subject: Details of Your New Salary Raise


 The 2014 salary structure was recently reviewed and it was discovered
 that you are due for a 4.18%

 salary raise on your next paycheck starting March 2015.

 Login below with your credentials to read your salary raise letter.

 Access the documents here xxxxx.com/www.umn.edu/Sign-in.htm


Human Resources

University of Minnesota

Thursday, March 19, 2015

Advisory: Notice to Appear in Court (and other lies)

Received March 2015

We've seen an uptick in a phishing spam with a bonus - a nasty attachment!

Below are some examples - other emails claim to be invoices, or package shipment details. Treat these as spam, and delete - the attachments can contain invasive programs that are intended to download malware and infect your computer.

If you've opened one of these attachments, contact your tech support ASAP for assistance. Depending on how invasive the payload is, you may need to reinstall your system!

Beware, and be aware - unexpected email like this is almost certainly fraudulent.

From: District Court
Date: Thu, Mar 19, 2015 at 7:26 AM
Subject: Notice to appear in Court #00000733060

Notice to Appear,

You have to appear in the Court on the March 24.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: If you do not come, the case will be heard in your absence.

You can review complete details of the Court Notice in the attachment.

Kind regards,
Bob Lewis,
District Clerk.

From: District Court
Date: Sun, Feb 15, 2015 at 3:01 PM
Subject: Notice to appear in Court #00383465

Notice to Appear,

You have to appear in the Court on the February 23.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Kind regards,
Timothy Davenport,
Court Secretary.

Tuesday, March 17, 2015

Phishing Example 91: ITS HELP-DESK

Received March 2015

Subject: ITS HELP-DESK‏‏
Date: Tue, 17 Mar 2015 14:01:54 +0000

All Faulty\Staff Mailbox Message ! 45GB 50GB
 We currently upgraded to Saver to 50GB inbox space. Please log-in to
your user account to validate E-space.
Your emails won't be delivered by our server, unless email account is confirmed.
protecting your email account is our primary concern,
for account update (Web Mail)
click on Outlook Web Access<hxxp://oultloo.jigsy.com/>
should you have any questions please contact the IT Helpdesk.
Copyright ©2015 ITS Help Desk

Things to note

  • Badly constructed form
  • Form hosted at jigsy.com
  • Misspelling on form
  • Passwords show in clear
  • Not UMN branded

Friday, March 13, 2015

Wednesday, March 11, 2015

Phishing Example 89: IMPORTANT NOTICE: Secure Your Mailbox Account

Received March 2015

From: "
Date: Mar 11, 2015 12:48 PM
Subject: IMPORTANT NOTICE: Secure Your Mailbox Account

*New ZixCorp secure email message from xxxx@xxxxx.xxx
*Open Message

To view the secure message, click Open Message.

The secure message expires on Mar 25, 2015 @ 05:48 PM (GMT).

Do not reply to this notification message; this message was auto-generated
by the sender's security system. To reply to the sender, click Open Message.

If clicking Open Message does not work, copy and paste the link below into
your Internet browser address bar.

Want to send and receive your secure messages transparently?
Click here <hxxp://www.zixcorp.com/info/zixmail_ZMC> to learn more.

Things to Note:
  • Mail comes from a compromised zixmail user (https://en.wikipedia.org/wiki/Zix_Corp)
  • Mail provides a link to a Weebly run page
  • NONE of the links are hosted on UMN.EDU pages.

Thursday, March 5, 2015

Phishing Example 88: Important account information update

Received March 2015

From: University of Minnesota <xxxxxx@georgetown.edu>
Date: Thu, Mar 5, 2015 at 1:38 PM
Subject: Important account information update

*Hello University Members,*
You are required to update your University of Minnesota account information
due to recent update in our database. Please follow the link below to
update your account information.
University of Minnesota Account Update

The University of Minnesota

Things to note:

  • URL is NOT from "umn.edu," - it's hosted in Spain.
  • VERY good copy of current login page
  • IF a person fills it out, it redirects to myu.umn.edu and will show you what appears to be the same login page. Users will probably assume they mistyped their password and re-enter it, THEN get a successful login.

Monday, March 2, 2015

Phishing Example 87: University Mail Update: Alert

Received March 2015

Alarming message requesting (by email)  ID and password to clear recipient regarding a terror threat email. Unusual for

  • connecting the scam to a "terror threat" as well as 
  • expecting a reply by email instead of filling in a form: