MESSAGE TEXT
From: Compromised USER < xxx xxx @umn.edu>Date: Tue, Mar 7, 2017 at 7:16 AMSubject: Documents to ReviewTo:
Please the attached to this message is an important document that need your review.
Thank you,
Compromised USER
PDF ATTACHMENT
simple pdf attachment, with link to fake google login |
WEB FORM
fake google login |
- PDF attachment has no content other than a link (which could have been in the email)
- Linked login form is NOT a umn or google hosted form
- Linked login form offers other email providers for login - google doesn't do that
- Anyone who filled in this form should immediately change their password and check account activity
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.