Received November 2016
Things to note
- Email comes from a compromised umn.edu user's account, but used Pres. Kaler's name.
- ALSO seen from an outside address, and from another outside address with the subject "Final Update Required For All Staffs"
- NO text in email, instead there is an image of a notice regarding a new policy.
- Attached PDF contains a link to a brazillian website that has a fake Google login form
- Filling in page redirects to real Google Drive.
Message:
Image used for phishing message - claims to link to a pdf / google doc |
PDF with link
dummy PDF used to deliver link to phishing form |
Fake Login Form
Fake Google Login / includes multiple email providers (Google DOES NOT) |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.