Go to the U of M home page

Wednesday, March 28, 2018

Example 215: Library

Well crafted warning "from" the library leading to a login page intended to steal login credentials.

Message Text:

From: Library Services <txxx  @   xxxxx.edu.tr>
Date: Wed, Mar 28, 2018 at 4:25 PM
Subject: Library
To:

Dear User,
This message is to inform you that your access to the library will soon
expire. You will have to login to your account to continue to have access
to this service.
You can reactivate it by logging in through the following URL. A successful
login will activate your account and you will be redirected to your page.   
   hxxp://login.umn.xxxx.ga/idp/profile/SAML2/Redirect 

If you are not able to login, please contact Sarah Miller at
    xxxx@umn.edu (fake email) for immediate assistance.
Sincerely,
Sarah Miller (not a library staff member)
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South

Web Form:


forged UMN web login
forged UMN web login

Things to Note:

  • Web URL is NOT at *.umn.edu
  • Email comes from a Turkish (.tr) address
  • Email in letter is a non-existant UMN address
  • Filling in form (please don't!) redirect to REAL UMN login

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.