Well crafted warning "from" the library leading to a login page intended to steal login credentials.
Message Text:
From: Library Services <txxx @ xxxxx.edu.tr>
Date: Wed, Mar 28, 2018 at 4:25 PM
Subject: Library
To:
Dear User,
This message is to inform you that your access to the library will soon
expire. You will have to login to your account to continue to have access
to this service.
You can reactivate it by logging in through the following URL. A successful
login will activate your account and you will be redirected to your page.
hxxp://login.umn.xxxx.ga/idp/profile/SAML2/Redirect
If you are not able to login, please contact Sarah Miller at
xxxx@umn.edu (fake email) for immediate assistance.
Sincerely,
Sarah Miller (not a library staff member)
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Web Form:
 |
| forged UMN web login |
Things to Note:
- Web URL is NOT at *.umn.edu
- Email comes from a Turkish (.tr) address
- Email in letter is a non-existant UMN address
- Filling in form (please don't!) redirect to REAL UMN login
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.