Go to the U of M home page

Friday, August 28, 2015

Advisory: "August 2015 Salary Increase" Scam

This email appears to be from UMN-HR, but it is a scam. Thanks to everyone who recognized and reported this!

From: UMN-HR <employeeresources@umn.edu>
Date: Thu, Aug 27, 2015 at 6:37 AM
Subject: August 2015 Salary As Adjusted



Hello,
We assessed the 2015 salary structure as provided for under the terms of
employment and discovered that
you are due for a salary raise starting August 2015
Your salary raise documents are enclosed below:

Access the documents here <hxxp://nutribetics.ca/umn.edu/Sign-In.htm>

Faithfully
Human Resources
University of Minnesota

Friday, August 7, 2015

Advisory: Phishing Campaign Similar to July 4 Weekend in Progress

In the last couple of days, we have seen a wave of phishing emails with subjects like

School Mail Box Validation
Mailbox Update
Re-Validate Your School Mail Box
CARD AUTHENTICATION

This is the same pattern of phishing that we experienced during the July 4th holiday weekend, documented on this blog.

Please be wary of these emails. They may appear to come from umn.edu accounts. If you see one of these, please forward it to phishing@umn.edu, report it as phishing in Google mail, and delete it.

Thank you for your efforts to protect yourself and others on the University's network!

Monday, August 3, 2015

Phishing Example 106: I've shared an item with you.

Received August 2015

From:
Date: Mon, Aug 3, 2015 at 9:17 AM
Subject: I've shared an item with you.
To:

Hello,

I just shared a document with you using the new Google App. To open this
document, go to hxxp://drive.google.com
<hxxp://e-tuition.net/media/platform>  to view it and sign in with your
email address, as it is stored online.

Note: it's not an attachment, it's a document stored online.                                      
                                                                                                   
Best Regards                                                                                      
--            

Things to Note:


  • NOT the proper Google Drive login.
  • URL redirects to NON-GOOGLE, NON-UMN login.

Phishing Example 105: Subscription Expiration Announcement

Received August 2015

> From: "University of Minnesota" <help@umn.edu> no, not really
> Date: August 1, 2015 at 15:11:18 CDT
> Subject: Subscription Expiration Announcement
> Reply-To: do.not.reply@umn.edu
>
> Dear Subscriber,
> Welcome to your UMN Mail subscription expiration summary from The Office
> of Information Technology (OIT). Simply fill a subscription renewal form
> here;
> hxxp://xxxxxxxxxxxxxxxx/service.php
> © 2015 University of Minnesota. All rights reserved.




Things to note Note:

  • Not hosted at the University.
  • Not branded with UMN info.
  • Fictitious warning "Subscription Expiration" - there isn't any such thing.