Example 203: Unrecognized Login Location Alert For xxx@umn.edu

Spoof security alert message aimed at capturing login credentials.

Message Text

Date: 29 Jul 2017 18:27:07 -0400
Subject: Unrecognized Login Location Alert For xxx@umn.edu
To: xxx@umn.edu
From: " E-mail Security Alert" <xxx@xxx.xx.cn> 

(note: EMAIL From Non-UMN.EDU address!)

for - Account User: xxx@umn.edu 

This is to notify you that someone from an unrecognized location tried logging into your e-Mail (xxx@umn.edu ) few minutes ago. 

Was this done by you? 

For your account security, we strongly recommend that you verify your account now, else you account will be blocked without further notice. 

Click here to Verify your E-mail account now
After verification, extra security features will be activated in your email settings and your account will be safe for use again.
Source: Email Security Team

Things to Note

• No University of Minnesota text or branding
• Email source NOT @umn.edu 
• Personalized report includes recipient email, which is also embedded in the form link (this lets the form come up with your ID already filled in)
• Form link NOT at UMN.EDU (it was actually on a doggie day care website)
• Sorry, no picture of the form, which was already removed by the time it was reported