Go to the U of M home page

Thursday, March 9, 2017

Example 192: Documents to Review

email from compromised @umn user with pdf attachment linking to fake Google login.

MESSAGE TEXT
From: Compromised USER < xxx xxx @umn.edu>Date: Tue, Mar 7, 2017 at 7:16 AMSubject: Documents to ReviewTo: 

Please the attached to this message is an important document that need your review.
Thank you,

Compromised USER

PDF ATTACHMENT
simple pdf attachment, with link to fake google login
simple pdf attachment, with link to fake google login

WEB FORM


fake google login
fake google login
Things to note:

  • PDF attachment has no content other than a link (which could have been in the email)
  • Linked login form is NOT a umn or google hosted form
  • Linked login form offers other email providers for login - google doesn't do that
  • Anyone who filled in this form should immediately change their password and check account activity

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.