Go to the U of M home page

Friday, July 24, 2015

Advisory: "Notice to Appear in Court"

Received July 2015

>  From: "State Court"
> Date: July 23, 2015 at 11:07:01 PM CDT
> To:
> Subject: Notice to Appear in Court  
> Reply-To: "State Court"
> Notice to Appear,
> You have to appear in the Court on the July 31.
> You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
> Note: The case will be heard by the judge in your absence if you do not come.
> The Court Notice is attached to this email.
> Kind regards,
> Court Secretary.

We've had this scam reported on our network

You can read about such scams at Snopes: http://www.snopes.com/crime/fraud/courtnotice.asp where the verdict is: 
Scam:   Malicious code is loaded onto computers via the e-mailing of fraudulent court appearance notices. 
Typically these have an attached "notice" that contains malicious code - don't open them. If you have any questions, report it to University Information Security at phishing@umn.edu

Wednesday, July 8, 2015

Phishing Example 104: Coordinated Phishing Campaign

Reported July 2015

We are seeing a coordinated set of phishing messages aimed at harvesting information from the University community. Please report any such mail you've received to phishing@umn.edu

If you have entered your login information in such a fraudulent page - change your password immediately. If you have revealed personal or financial information, please refer to https://www.identitytheft.gov/ for steps to secure your information.

First - emails are sent to steal login information:

Subject: School Mail Box Validation
   Date: Wed, 8 Jul 2015 06:55:55 +0100
   From: ctl HELP-DESK

It has been our pleasure to provide you with an [2]umn.edu campus login and
email account in the past. Please be advised that effective 11/07/2015 we will
be deleting accounts whose account has not been validated yet.
 Re-Validate< Click Here>

Please make arrangements to move valued email messages to another email
account before the above date, as all messages will be deleted along with the
accounts at that time if you no longer need it.
Thank you for your attention.

(NOTE some of these come from outside the U, but once they get some accounts this and the rest are sent from UMN accounts, and the forms are hosted at UMN google).

NEXT - Phished login information is used to set up a variety of forms used to steal financial information. Phished accounts are then used to send this email to UMN community members.

To :  <undisclosed-recipients:;>
Date : Wed, 08 Jul 2015 01:12:37 -0500
Subject : Visa/Master Card Verification
============ Forwarded message ============
 Dear Esteemed Customer,
 Due to some suspicious activities, we advice you verify your VISA/MASTER CARD details.
 Please click here < Verify >  to verify your card.
 For your safety this link will expire within 6 hours 
 ? Copyright 1996-2015 Visa. All Rights Reserved.

*From:* ctl@umn.edu.RE-VALIDATE 
      (NOTE: ctl@umn.edu is a non-existent UMN address)
*Sent:* Wednesday, July 08, 2015 4:03 AM
*Subject:* Easy Fast And Reliable??

*Internal Revenue Service Record Shows You Are Still Yet To Validate.*
Update your *Internal Revenue* *Record* immediately today,
validation of your identity due to the new health care *Service* and much
click here to -  *< Validate >

USA.gov is the U.S. government's official web portal.
*For your protection, this link would expire in six hours*


Monday, July 6, 2015

Phishing Example 103: IDENTITY PROTECTION / IDENTITY RE-VALIDATION / Easy Fast And Reliable

received July 2015


Note: This mail is being sent with different subjects:

  • Easy Fast And Reliable

From: "ctl@umn.edu.RE-VALIDATE"
NOTE: "ctl" is not a valid UMN account. Some have been sent                 
           "from" *tcf@tcfbank.com.RE-validate* 
           or "isss@umn.edu.re-validate"

Date: July 5, 2015 at 4:50:26 PM PDT
To: undisclosed-recipients:;

 You are to update your IRS e-file immediately, To Update -
           < Click Here >
         USA.gov is the U.S. government's official web portal.

  IRS e-file. Since 1990

This is a bogus IRS form; the compromised accounts sending these have closed and are being recovered.