Go to the U of M home page

Tuesday, June 20, 2017

Example 201: Security Updrade Strongly Required

Phish with security warning, going to very good copy of UMN login.


From: Help Desk <compromised user@umn.edu>
Date: Mon, Jun 19, 2017 at 6:20 PM
Subject: Security Updrade Strongly Required
University of Minnesota Account Help Desk  is having a problem with your Account.You will not be able to receive any new emails until you Upgrade your account  to avoid suspension.
Kindly be informed that we'll not be held responsible for your account deactivation once you fail to upgrade your account after this Final Warning. To remove your account from our deactivation list kindly click Upgrade below: 
Upgrade <hxxp://xxxxxxxxxx.ru/love.php>
- Identity Management Team
Web Form
Forged MyU login page - hosted at a .com site
Forged MyU login page - hosted at a .com site

Things to Note
  • Email comes from a compromised UMN account
  • URL in email points to a Russian (".ru") URL, but redirects to a .COM site for login
  • Logging into the page redirects to the REAL MyU login page (nearly identical to their fake page)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.