
Monday, November 21, 2016

Example 173: Code of Conduct / Final Update Required For All Staffs

PDF from compromised user, forged as from Pres. Kaler.
Received November 2016

Things to note


  • Email comes from a compromised umn.edu user's account, but uses Pres. Kaler's name.
  • ALSO seen from an outside address, and from another outside address with the subject "Final Update Required For All Staffs"
  • NO text in the email; instead there is an image of a notice regarding a new policy.
  • Attached PDF contains a link to a Brazilian website that has a fake Google login form.
  • Filling in the page redirects to the real Google Drive.
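
The traits in the list above can be checked mechanically on a reported message. The following is an added example, not part of the original post: the `VIP_SENDERS` mapping, the `example.edu` and `phish.example` names and the sample message are constructed assumptions, and the PDF check only sees link annotations stored uncompressed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: display-name keyword -> the only address allowed to use it (placeholder).
VIP_SENDERS = {"kaler": "president@example.edu"}

def phish_traits(raw: bytes) -> set:
    """Return which traits from the list above a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits, visible_text, has_image = set(), "", False
    name, addr = parseaddr(str(msg.get("From", "")))
    for vip, real_addr in VIP_SENDERS.items():
        if vip in name.lower() and addr.lower() != real_addr:
            traits.add("vip_name_on_other_address")
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_content_maintype() == "image":
            has_image = True
        elif ctype in ("text/plain", "text/html") and not part.is_attachment():
            body = part.get_content()
            has_image = has_image or "<img" in body.lower()
            visible_text += re.sub(r"<[^>]+>", "", body)  # crude tag strip
        elif ctype == "application/pdf":
            traits.add("pdf_attached")
            # Link annotations in uncompressed PDF objects look like /URI (http://...)
            if re.search(rb"/URI\s*\(\s*https?://", part.get_payload(decode=True)):
                traits.add("pdf_contains_link")
    if has_image and not visible_text.strip():
        traits.add("image_only_body")
    return traits

def build_sample() -> bytes:
    """Constructed message imitating the example; every value is made up."""
    m = EmailMessage()
    m["From"] = '"Pres. Kaler" <student123@example.edu>'
    m["To"] = "staff@example.edu"
    m["Subject"] = "Final Update Required For All Staffs"
    m.set_content('<img src="cid:notice">', subtype="html")
    m.add_related(b"\x89PNG-constructed", maintype="image", subtype="png", cid="<notice>")
    m.add_attachment(b"%PDF-1.4\n<< /S /URI /URI (http://phish.example/login) >>\n",
                     maintype="application", subtype="pdf", filename="notice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(sorted(phish_traits(build_sample())))
```
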


Message:

Image used for phishing message - claims to link to a pdf / google doc

PDF with link

dummy PDF used to deliver link to phishing form

Fake Login Form

Fake Google Login / includes multiple email providers (Google DOES NOT)
