Friday, April 22, 2016

Phishing Example 139: Xxxxxx Yyyyy MD sent you an attachment

Received April 2016

From: Xxxxxx Yyyyyy MD <Compromised USER @umn.edu>
Date: Fri, Apr 22, 2016 at 1:02 PM
Subject: Xxxxxx Yyyyyy MD sent you an attachment

Attachment for you to view <hxxp:// google.com/>
Open <hxxp://www.xxxxengineers.com/Attchement%20235%20pdf.htm>

  • Comes from a compromised UMN.EDU account (the address doesn't match the "From:" name)
  • Leads to a fake Dropbox login (the real Dropbox doesn't offer a menu of email providers)
  • Says it's a google.com doc AND presents a Dropbox login

Monday, April 4, 2016

Phishing Example 138: Hello

Received April 2016

From: *UMN User*< UMN-USER  @ umn.edu>
Date: Mon, Apr 4, 2016 at 8:25 AM
Subject: Hello

I shared a document with you. Go to:

https://www .docusign .com <hxxp://bit.ly/-somebitly-address > and just sign in with
your email address to view the document.The file
is too large so I couldn't attach it let me know
what you think.

  • Comes from a compromised UMN account
  • Hides URL with bit.ly shortener
  • Goes to bogus "docusign" login on a compromised website
  • Most document sharing at the U is via Google Drive. If you are already logged in to Google to read your email, you should NEVER see a login screen to get to a shared Google Doc.
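
Two of the signs listed for Example 138 (a shortened link, and link text that names one site while the link goes to another) can be checked mechanically. The Python sketch below is an added example, not part of the original post; the shortener list, function names and sample message lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small illustrative set of shortener hosts, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
# Plain-text rendering of a link: visible text followed by <target>.
LINK_RE = re.compile(r"(?P<text>[^<>\n]*)<\s*(?P<href>[^<>\s]+)\s*>")
# A host name appearing inside the visible text.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def host_of(url):
    """Host of a URL, undoing hxxp-style defanging first."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return strip_www(urlsplit(url).hostname or "")

def same_site(a, b):
    """True if the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_links(body):
    """Return (target_host, reasons) for each suspicious link in body."""
    findings = []
    for m in LINK_RE.finditer(body):
        target = host_of(m.group("href"))
        if not target:
            continue
        # Visible text may be spaced out ("www .docusign .com"); close the gaps.
        shown = HOST_RE.search(re.sub(r"\s+(?=\.)", "", m.group("text")))
        shown_host = strip_www(shown.group(1)) if shown else None
        reasons = []
        if target in SHORTENERS:
            reasons.append("shortener")
        if shown_host and not same_site(shown_host, target):
            reasons.append("text-mismatch")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed sample, modelled on the plain-text layout of the messages above.
SAMPLE = (
    "I shared a document with you. Go to:\n"
    "https://www .docusign .com <hxxp://bit.ly/EXAMPLE > and just sign in\n"
    "Course notes: drive.google.com <https://drive.google.com/file/EXAMPLE>\n"
)

if __name__ == "__main__":
    for host, reasons in check_links(SAMPLE):
        print(host, ", ".join(reasons))
```

A clean result does not mean a message is safe: the link in Example 139 shows no host name in its visible text, so only the other signs listed for it apply.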