Go to the U of M home page

Sunday, January 24, 2016

Phishing Example 122: Your account safety / Cyber Crime

Received: January 2016 - two variations

From: UMN Team <xxxxxxx.xxxx@xxx.xxx>
Date: Sat, Jan 23, 2016 at 6:21 PM
Subject: Your account safety

As part of our 2016 ongoing security check, kindly click on
the link below and verify your information. Recently,
there's been a rise in security incidents on the web.


Help us keep your account safe,

UMN Team

From: UMN Team (note: sent from a compromised umn.edu account)
Date: Sun, Jan 24, 2016 at 4:56 PM
Subject: Cyber crime

We've detected spam-like activity in your webmail account,
which is against our Acceptable Use Policy (AUP). Kindly
click on the link below to verify that you're the owner of the
account and not a spammer.

hxxp://URL-Shortener/umn-secure  (note: --> links to same form as "account safety")

We apologize for any inconvenience this may have cause you.

UMN Team.

Note: Has UMN brand, but is not an exact copy of the University's login page.

Wednesday, January 20, 2016

Phishing Example 121: Social Security Statement

Received January 2016

From: Social Security Statement <xxxnoxxreply@ssa-xx-xgov>
Date: Tue, Jan 19, 2016 at 8:11 AM
Subject: Social Security Statement

Xxxxxx Xxxxxxxxxx
We d like to remind you to review your Social Security Statement online. The Statement has important Social Security information and, if applicable, estimates of your future benefits.
If you are working, we encourage you to check your Statement yearly to make sure your earnings record is correct. The Statement also will help in planning your financial future.
To view your most recent Statement, please read this document 
             [NOTE -LINK DISPLAYS AS .GOV, But goes to an offshore site in Poland]
and sign into your account.
With instant access to your Social Security Statement at any time, you will no longer receive one periodically in the mail, saving money and the environment. Thank you for Going Green!
Please do not reply to this E-mail, as we are unable to respond to messages sent to this address.


  • Purports to com from SSA.GOV, but doesn't/
  • Purports to link to a document at socialsecurity.gov, but doesn't.
  • Links to a .DOC file that contains malicious code.

        Anyone who downloaded and opened this infected document should contact their tech support for assistance in determining if their computer has been infected.

Monday, January 11, 2016

Phishing Example 120: Your Paperless W2

Received January 2016

From: ESSW2@@umn.edu <<--NOTE ODD "@@" address
Date: Mon, Jan 11, 2016 at 1:52 PM
Subject: Your Paperless W2

Dear: Account Owner,

Our records indicate that you are enrolled in the University of Minnesota paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. "paperless W2") is prepared and ready for viewing.

Your W2 is ready for viewing under Employee Self Service. Logon at the following link:

Click Here to Logon <<link to offshore non-umn address>>

If you have trouble logging in to Employee Self Service at the link above, please contact your Payroll Department for support.

If you would like to un-enroll in the Paperless W2 Program, please logon to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions.

Anyone who did reply to this with their account information should reset their password and account secrets immediately.

The fake login looks like this:

Fake UMN login page from kaizenkz.org

Note: Firefox, Chrome and IE all attempt to protect you from going to this link:


IE browser warning
Chrome browser warning
Firefox browser warning