
Monday, August 14, 2017

Example 205: ITS Support/Help desk

Fake support message leading to deceptive login page to steal name and password.

Message text:

From: Help Desk Support [mailto: non-UMN.EDU address]
Sent: Monday, August 14, 2017 10:09 AM
To: undisclosed-recipients:
Subject: ITS Support/Help desk

Dear Faculty and Staff,

Important information from Web Access Security Service.

An upgrade was made to the university’s authentication structure. The upgrade was required to prepare systems for compliance with State Security Standards, and the implementation of multi-factor authentication. Now, when you lo-gin. You will be required to enter your Network Username and password into the link that will be provided below.

Due to the upgrade that was made. Your lo-gin page will be changing. However, to avoid loss of your email address and password LOGIN your account now.

Thank you for your cooperation and patience as we take steps to further protect university data.

Thank you,
Division of Information Technology.

Login form:

fake login page aimed at stealing account credentials
Things to note:

  • No UMN branding in message or webform
  • Email not from umn.edu address
  • Web form not hosted at a umn.edu site

Wednesday, August 2, 2017

Example 204: Notice ! Notice !!

Fake warning "from" Google leads to a well-crafted fake Google login page.

Message Text:

Spam Warning email - attached to PDF containing link to Fake Google login


Web Form

Fake Google Login page

Filling it out redirects to a REAL Google account login:
Real Google Login - with CORRECT "Google" text font

Things to Note:

  • Link not in email text - you have to open a PDF to find link
  • Link is hosted at an advertising website, NOT Google.com
  • Forged login uses an older font for "Google" - real google.com uses a sans serif font
  • Filling in the form redirects to a REAL Google login page, with CORRECT font