Bogus warning forged as from UMN library - links to a clone of UMN login page via wisc.edu quicklink.
Message text
From: University of Minnesota Libraries <libraries@ umn. co> <<--NOTE "UMN.CO" senderDate: Tue, Nov 21, 2017 at 7:39 AMSubject: Library NotificationsTo:
Dear Library User,
Our records show that your access to University of Minnesota Libraries System is about to expire. Due to security precautions established to protect University Libraries System, you have to renew your library account on a regular base, so please use the following link
login.umn.edu/cas/authn/redirect/libraries/access/reactivation.htm
(Note: this fake link in TEXT, really links to a go.wisc.edu quicklink to a fake UMN login)
After your successful authentication, your access will be restored automatically and you will be redirected to the library homepage. If you are unable to log in, please contact the library help desk for immediate assistance. We apologize for any inconveniences this may have caused.
Thank you,
University of Minnesota Libraries 309 19th Ave S, Minneapolis, MN 55455libraries@umn.edu <<---NOTE non-existent "libraries@umn.edu" address
Web Form
Forged UMN login page |
- Email comes from "umn.co," not "umn.edu"
- Displayed URL appears to be a umn.edu address,
- BUT goes instead to a wisc.edu URL-shortener service
- Final URL includes "umn.edu" but ends in "citt.cf"
- IF you "logged in" you will be redirected to the UMN library site - if you did this change your password ASAP!