
Thursday, December 29, 2016

Example 177: A Message from the IDmanagement

Forged "help desk" email from outside umn.edu, redirects to bogus UMN login page.
Received December 2016

Things to note:


  • Email comes from an outside user - claims to be from "Help Desk"
  • Link goes to a very close copy of our current login page
  • Filling in the page redirects to http://twin-cities.umn.edu/ - even if nothing is entered.


Message:
From: Help Desk <xxxx @xxx .arizona.edu>
Date: Wed, Dec 28, 2016 at 5:16 PM
Subject: A Message from the IDmanagement
To: 

To verify your email address  please Click Here, If  you did not verify your email,
it will automatically be cancelled within 24 hours
Thanks for using Umn.Edu!
Sincerely,
The UMN Help Team
Login page:

forged UMN.EDU login page - hosted on Russian domain

Tuesday, December 20, 2016

Example 176: Office Of The President. Attention!!! (multiple subjects)

PDF forged as from President Kaler, goes to fake Google login
Received December 2016

Things to note
  • Email comes from an outside user - claims to be from President Kaler
  • Attached PDF contains a link to a fake website
  • Filling in page redirects to real PDF (that has nothing to do with email subject)
  • Other subjects: University Email / Update Required
Message:
Subject: Office Of The President. Attention!!!
Date: Tue, 20 Dec 2016 13:28:05 -0800
From:  [Different senders / from outside umn.edu]

University of Minnesota
Driven to  Discover
Office of the President

Dear All,
Attached is an important update for,  Download and verify your email identity.
P.S: If you do not verify your email identity, there will be restrictions accessing your email.
Sincerely,
Eric W. Kaler
President
PDF with link


dummy PDF with link to login form


Fake Login Forms

Bogus Google login (note multiple email providers named)
sign in form


Document delivered if you fill in form
document has nothing to do with email subject



Thursday, December 15, 2016

Example 175: Scanned document(s) attached

PDF from compromised user, goes to fake Google login


Received December 2016

Things to note

  • Email comes from a compromised umn.edu user's account
  • Attached PDF contains a link to a fake website
  • Filling in page redirects to real Google Drive 

Message:
From: Xxxxxx Yyyyyy <xyyyy  @  umn.edu>
Date: Thu, Dec 15, 2016 at 12:05 PM
Subject: Scanned document(s) attached
To: 

I have shared a document for your review, please find it below.
Best Regards,
Xxxxxx Yyyyyyy
PDF with link
dummy PDF with link to login form




Fake Login Form
Bogus Google login (note multiple email providers named)
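
The first "thing to note" in Examples 177 and 176 (an outside sender claiming to be a UMN office) can be checked mechanically, while Example 175 (a compromised umn.edu account) cannot. The following is an added example, not part of the original posts: the sample messages are constructed, the sender addresses are placeholders, and the phrase list is an assumption drawn from the display names and signatures quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "umn.edu"
# Assumed phrase list, taken from the display names and signatures quoted on this page.
ORG_CLAIMS = ("help desk", "umn help team", "office of the president", "umn.edu")

# Constructed samples modelled on Examples 177 and 175 (addresses are placeholders).
SAMPLE_177 = (
    "From: Help Desk <sender@outside.example>\n"
    "Subject: A Message from the IDmanagement\n\n"
    "To verify your email address please Click Here\n"
    "Thanks for using Umn.Edu!\nSincerely,\nThe UMN Help Team\n"
)
SAMPLE_175 = (
    "From: Xxxxxx Yyyyyy <xyyyy@umn.edu>\n"
    "Subject: Scanned document(s) attached\n\n"
    "I have shared a document for your review, please find it below.\n"
)

def is_internal(domain):
    """True only for umn.edu and its subdomains, not look-alikes such as umn.edu.outside.example."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def triage(raw):
    """Return findings for one raw message, based on the visible From header and text."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = [p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = " ".join([name] + [p for p in parts if isinstance(p, str)]).lower()
    claims = [c for c in ORG_CLAIMS if c in text]
    findings = []
    if claims and not is_internal(domain):
        findings.append("external-sender-claims-org")
    return findings

if __name__ == "__main__":
    print("177:", triage(SAMPLE_177))  # outside sender using UMN branding
    print("175:", triage(SAMPLE_175))  # compromised umn.edu account: nothing to flag here
```

The From header is unauthenticated, so this check belongs alongside SPF/DKIM/DMARC results rather than in place of them. Its silence on the Example 175 sample is the reason the attached PDF and the login page it links to still need inspection when the sender is internal.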