Go to the U of M home page

Tuesday, September 5, 2017

Example 206: Urgent Notice

Fake "warning" leads to forged UMN login page aimed at stealing passwords.

Message text:

From: UMN Admin <noreply@xxx.edu>
Date: Tue, Sep 5, 2017 at 4:52 PM
Subject: Urgent Notice
To all staffs/employees and UMN users, we have observed that there are some
non-active email address in our database recently serving as a loop to
hackers trying to hijack our server. User are advised to CLICK
<hxxp://umn-edu.xxxx.biz/index.html> here to login and validate their email
address and continue with their normal activity as their login information
will not be altered or shared.
If you receive this message as spam, kindly move message to your inbox
before you click. Failure to comply with this demand will be regarded
as non active user and will lead to deletion after 48 hours of
reception of this email.
Sorry for the inconveniences.
Web Form

Fake UMN login hosted at .biz address
Fake UMN login hosted at .biz address

Things to Note:

  • Email forged as coming from a .edu address - but NOT umn.edu
  • Web form hosted at a ".biz" address - NOT umn.edu
  • Filling in the form redirect to the login.umn.edu web page

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.