Go to the U of M home page

Monday, April 30, 2018

Example 218: Attention!!!

Fraudulent email promising ATM card with money from "scam artists."

Message Text:

From: [BOGUS UMN ADDRESS]@umn.edu
Subject: Attention!!!
Date: April 29, 2018 at 16:00:23 CDT
To: Undisclosed recipients:;
Reply-To: < xxxxx xxxx @gmail.com>
This is to inform you that we have been working towards the eradication of fraudsters and scam Artists in America, Europe and Africa with the help of the Organization of African Unity (OAU) United Nations (UN), European Union (EU) and FBI.
We have been able to track down some scam artist in various parts of Europe and African countries which includes (Spain, England, Nigeria, Republic of Benin, Burkina Faso, Ghana and Senegal with Cote d'ivoire)They are all in Government custody now, they will appear at International Criminal Court (ICC) soon for Justice.

During the course of investigation, we were able to recover some funds from these scam
artists and IMF organization have ordered the funds recovered be shared among the 50
Lucky people listed around the World as a compensation and this will be done randomly.
This notice is being directed to you because your email address was found in one of the
scam Artists file and computer hard-disk during investigation may be you have been scammed. 

You are therefore being compensated with sum of ($300,000.00) Three hundred thousand US Dollars valid into an ATM Card which shall be mailed to you .
Since your email address is among the lucky beneficiaries who will receive the compensation funds, we have arranged your payment to be paid to you through ATM VISA CARD and deliver to your postal address with the pin code as to enable you withdrawal maximum of $5,000 on each withdrawal from any Bank ATM Machine of
your choice, until all the funds are exhausted.

The ATM Card with Security Pin number shall be delivered to you via courier Service,
depending your choice.

In order to proceed with this transaction, you will be required to e-mail us with the
following information:
YOUR FULL NAME:
YOUR AGE:
ADDRESS:
YOUR COUNTRY:
CITY:
DIRECT CONTACT PHONE NUMBER:
OCCUPATION:
NOTE:
Send your information to Mr. John Ewing via his email
  xxxxxxxxxxxxxx @gmail.com

We advice you to stop all communications with everyone regarding your payment as you
have been short listed to receive the compensation and now urge you to comply and
receive your ATM Card funds. Your cooperation will be highly appreciated and if
you have any further information that will help this investigation and fight against
scam artist. Please do not hesitate to make it available to us.
Thanks for your understanding as you follow instructions while I wait to hear from you soon.
Yours in Services
Mr. John Ewing

TO NOTE: 
  • Mail comes from a non-existent UMN address
  • Mail seeks personal information
  • Mail has no specific details - sounds more like a lottery than a legal notice
  • Mail return address is NOT to @umn.edu, but a gmail.com address

Thursday, April 12, 2018

Example 217: Google Chrome Critical ERROR



This is a scam. Do not call the "Help Desk" number. Research suggests that this scam spreads through malicious ads on web sites, so there might not be any malware or malicious browser plugins to clean up. However, we do recommend you follow your process to clean up University-owned devices, or run Malwarebytes or other anti-virus program for personal devices.

Tuesday, April 10, 2018

Example 216: Letter From The President Eric W. Kaler.

Forged letter "from" Prez Kaler, with PDF leading to a login form

Message Text:


MESSAGE FROM ERIC KALER. :
Dear Staff,
Attached is the employees update document.
Sincerely,
\Eric W. Kaler .
President
University of Minnesota .

Attached PDF with simple HTML link 

simple PDF, delivering a link to a login form
simple PDF, delivering a link to a login form


link leads to this forged "Microsoft" web page
link leads to this forged "Microsoft" web page

clicking "Download" gives this login page
clicking "Download" gives this login page


Things to Note:

  • Email sender address NOT from "umn.edu" (and NOT from President Kaler)
  • PDF is nothing but a "link delivery system" - aimed at driving you to a web page
  • Web page NOT at Microsoft OR umn.edu (country code GQ??)