Go to the U of M home page

Friday, July 29, 2016

Advisory : Reporting an ‘I.R.S.’ Telephone Scam

(from the NYTimes)

Reporting an ‘I.R.S.’ Telephone Scam
Tech Tip

Q. With phishing email, I can forward the message to the authorities, but how do you officially report those obvious phone scams from robot voices purporting to be from the Internal Revenue Service?

A. Phone calls and answering machine messages claiming to be from the I.R.S. and demanding money for alleged tax bills can happen year-round. The messages left on an answering machine often use awkward phrasing and sound distinctly like a computer reciting script with its text-to-speech function and synthesized voice.

If you have filed your return, do not owe any taxes and have deduced that the call is a hustle, you can file a report on the website of the Treasury Inspector General for Tax Administration, which has a special form for I.R.S. Impersonation Scam Reporting. You can also send an email message with the subject line “I.R.S. Phone Scam” to phishing@irs.gov to report the call. In either case, include the number you were asked to call and any other information about the experience. ...


Wednesday, July 27, 2016

Advisory: Fake "Computer Support" - Targets Windows AND Mac Users.

We've had reports of users getting snared by ambush websites that present alarming messages and direct the users to call for assistance.

Example page

  • These pages are usually designed to prevent you from closing your browser window - close down your browser completely to terminate them. If you can't close it, reboot the computer.
  • Do NOT call the number - the scam is trying to scare you - at best they'll take your money, at worst, they will completely compromise your computer.
  • Apple computers are also targeted - see https://discussions.apple.com/docs/DOC-8071
  • If you suspect you have been caught by one of these campaigns, contact your technical support team or contact 1-HELP  (612-301-4357) for assistance.

Monday, July 25, 2016

Phishing Example 155: Restore Your Mailbox Capacity - yet another fake UMN login

Received July 2016

[Note: we are seeing a proliferation of spam that copies the UMN login page - this is the most recent example - always check the destination URL address!]

From: University Of Minnesota <help @ umn.edu>
           [NOTE FORGED "from:" 
                 - REALLY SENT FROM A COMPROMISED @umn.edu account]
Date: Mon, Jul 25, 2016 at 8:31 AM
Subject: Restore Your Mailbox Capacity

Dear *UMN.EDU* <hxxp://  xxxxx .com/fonts/unm/umn.htm> User,
                      [NOTE TARGET IS NOT A UMN.EDU address!]

Your email account has reached  the storage limit, hence you can no longer
receive your recent pending emails. Please logon here to  *Increase Storage
Limit* <hxxp://  xxxxx .com/fonts/unm/umn.htm> inorder to receive your
pending emails and also to restore your mailbox back to normal.


© 2016 Regents of the University of Minnesota. All rights reserved.


  • Always check the destination URL address - if it is NOT a UMN.EDU address - do NOT ENTER YOUR INFORMATION!
  • Forged pages are often set to direct you to a legitimate UMN web page after you "login."

Fake login page - note destination address!
Legitimate UMN page you are sent to after "login"

Monday, July 11, 2016

Phishing Example 154: Important Public Security Message

Received July 2016

From: UMN Security <xxxx @ my.bristol.ac.uk>
Date: Mon, Jul 11, 2016 at 12:16 PM
Subject: Important Public Security Message


You have an important security message in the portal please click below to read the message.

Security Message (Links to fake login Form)

Please be safe.

University of Minnesota
Public Safety

  • email comes from a foreign (.uk) address
  • UMN login is not AT umn.edu, but a .com address
  • If you fill it out (*DON'T!*) it redirects you to a real UMN Safety page.