Phishing Scams Targeting the UMN
Saturday, March 21, 2015
Received March 2015
Note: This is a variation of last week's scam hosted again at cphcph.com
From: UMN HR
Date: March 21, 2015 at 16:11:31 GMT+1
To:
Subject: Details of Your New Salary Raise
Hello,
The 2014 salary structure was recently reviewed and it was discovered that you are due for a 4.18% salary raise on your next paycheck starting March 2015.
Login below with your credentials to read your salary raise letter.
Access the documents here xxxxx.com/www.umn.edu/Sign-in.htm
Faithfully,
Human Resources
University of Minnesota
Thursday, March 19, 2015
Advisory: Notice to Appear in Court (and other lies)
Received March 2015
We've seen an uptick in phishing spam with a bonus - a nasty attachment!
Below are some examples - other emails claim to be invoices or package shipment details. Treat these as spam and delete them - the attachments can contain invasive programs that are intended to download malware and infect your computer.
If you've opened one of these attachments, contact your tech support ASAP for assistance. Depending on how invasive the payload is, you may need to reinstall your system!
Beware, and be aware - unexpected email like this is almost certainly fraudulent.
From: District Court
Date: Thu, Mar 19, 2015 at 7:26 AM
Subject: Notice to appear in Court #00000733060
To:
Notice to Appear,
You have to appear in the Court on the March 24.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: If you do not come, the case will be heard in your absence.
You can review complete details of the Court Notice in the attachment.
Kind regards,
Bob Lewis,
District Clerk.
From: District Court
Date: Sun, Feb 15, 2015 at 3:01 PM
Subject: Notice to appear in Court #00383465
To:
Notice to Appear,
You have to appear in the Court on the February 23.
Please, prepare all the documents relating to the case and bring them to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.
The copy of Court Notice is attached to this email.
Kind regards,
Timothy Davenport,
Court Secretary.
Tuesday, March 17, 2015
Phishing Example 91: ITS HELP-DESK
Received March 2015
Subject: ITS HELP-DESK
Date: Tue, 17 Mar 2015 14:01:54 +0000
From:
All Faulty\Staff Mailbox Message ! 45GB 50GB
We currently upgraded to Saver to 50GB inbox space. Please log-in to
your user account to validate E-space.
Your emails won't be delivered by our server, unless email account is confirmed.
protecting your email account is our primary concern,
for account update (Web Mail)
click on Outlook Web Access<hxxp://oultloo.jigsy.com/>
should you have any questions please contact the IT Helpdesk.
Copyright ©2015 ITS Help Desk
Things to note
- Badly constructed form
- Form hosted at jigsy.com
- Misspelling on form
- Passwords show in clear
- Not UMN branded
Friday, March 13, 2015
Phishing Example 90: Your New Salary As Adjusted
Wednesday, March 11, 2015
Phishing Example 89: IMPORTANT NOTICE: Secure Your Mailbox Account
Received March 2015
From: "
Date: Mar 11, 2015 12:48 PM
Subject: IMPORTANT NOTICE: Secure Your Mailbox Account
To:
Cc:
*New ZixCorp secure email message from xxxx@xxxxx.xxx
*Open Message
<hxxps://zixmessagecenter.com/s/e?m=xxxxxxxxxxx>
To view the secure message, click Open Message.
The secure message expires on Mar 25, 2015 @ 05:48 PM (GMT).
Do not reply to this notification message; this message was auto-generated
by the sender's security system. To reply to the sender, click Open Message.
If clicking Open Message does not work, copy and paste the link below into
your Internet browser address bar.
hxxps://zixmessagecenter.com/s/e?
Want to send and receive your secure messages transparently?
Click here <hxxp://www.zixcorp.com/info/zixmail_ZMC> to learn more.
Things to Note:
- Mail comes from a compromised zixmail user (https://en.wikipedia.org/wiki/Zix_Corp)
- Mail provides a link to a Weebly-run page
- NONE of the links are hosted on UMN.EDU pages.
Thursday, March 5, 2015
Phishing Example 88: Important account information update
Received March 2015
From: University of Minnesota <xxxxxx@georgetown.edu>
Date: Thu, Mar 5, 2015 at 1:38 PM
Subject: Important account information update
To:
*Hello University Members,*
You are required to update your University of Minnesota account information
due to recent update in our database. Please follow the link below to
update your account information.
University of Minnesota Account Update
<hxxp://xxxxx.es/includes/db/umn/access_web.htm>
Regards,
The University of Minnesota
Things to note:
- URL is NOT from "umn.edu," - it's hosted in Spain.
- VERY good copy of current login page
- IF a person fills it out, it redirects to myu.umn.edu and will show you what appears to be the same login page. Users will probably assume they mistyped their password and re-enter it, THEN get a successful login.
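The "not hosted on umn.edu" check in these notes can be automated. The following is an added example, not part of the original posts: it pulls links out of a message body, undoes the hxxp defanging, and compares the real hostname against umn.edu, flagging links that merely carry "umn.edu" in the path. The function names, the trusted-suffix constant and the sample body (built from the placeholder links quoted on this page) are assumptions.

```python
import re
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "umn.edu"  # assumption: only umn.edu and its subdomains are legitimate

# Matches http(s) links, defanged hxxp(s) links, and scheme-less "host/path" links
URL_RE = re.compile(r"(?:h(?:tt|xx)ps?://)?[\w.-]+\.[a-z]{2,}(?:/[^\s<>]*)?", re.I)

def link_host(link):
    """Return the lowercase hostname of a link, refanging hxxp and adding a scheme if missing."""
    link = re.sub(r"^hxxp", "http", link.strip("<>"), flags=re.I)
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").lower().rstrip(".")

def is_umn_host(host):
    """True only for umn.edu or a real subdomain, not lookalikes like 'umn.edu.example.com'."""
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def audit_links(body):
    """Return (link, host, verdict) for every link found in an email body."""
    results = []
    for link in URL_RE.findall(body):
        host = link_host(link)
        if is_umn_host(host):
            verdict = "ok"
        elif TRUSTED_SUFFIX in link.lower():
            # The trusted name shows up in the path or as a lookalike, not as the real host
            verdict = "suspicious: umn.edu appears outside the hostname"
        else:
            verdict = "external"
        results.append((link, host, verdict))
    return results

# Constructed sample body using the placeholder links quoted in the examples on this page
SAMPLE = """Access the documents here xxxxx.com/www.umn.edu/Sign-in.htm
University of Minnesota Account Update <hxxp://xxxxx.es/includes/db/umn/access_web.htm>
click on Outlook Web Access<hxxp://oultloo.jigsy.com/>
Legitimate portal: https://myu.umn.edu/"""

if __name__ == "__main__":
    for link, host, verdict in audit_links(SAMPLE):
        print(f"{verdict:50} {host:20} {link}")
```
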
Monday, March 2, 2015
Phishing Example 87: University Mail Update: Alert
Received March 2015
Alarming message requesting (by email) ID and password to clear recipient regarding a terror threat email. Unusual for
- connecting the scam to a "terror threat" as well as
- expecting a reply by email instead of filling in a form:
© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.