
Monday, December 10, 2018

Example 225: Doc701234.docx

Google doc containing phishing link sent to steal login information.

Message Text:

From: Some Name (via Google Drive) <SomeName@gmail.com>
Date: Mon, Dec 10, 2018 at 12:08 PM
Subject: Doc701234.docx
To:
Cc:
SomeName@gmail.com has shared the following document:
Doc701234.docx
<https://drive.google.com/file/d/xxxxx>
[image: Unknown profile photo]John Coleman as shared a file with you
Open
<https://drive.google.com/file/d/XXXXX>
SomeName@gmail.com is outside your organization.
Google Drive: Have all your files within reach from any device.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [image:
Logo for Google Drive] <https://drive.google.com>
Linked Doc/ Login Page:

Image of Google Doc and linked Fake Login Form
Things to Note:

  • Email really comes from a Gmail account (anonymized here as "SomeName")
  • Link in email takes user to a real Google Doc 
  • Google Doc links to a forged Office 365 web login
Recommended Action:

Tuesday, December 4, 2018

Example 224: WEBMAIL UPGRADE

Simple phishing attempt offering "email upgrade"

Message Text:

Subject:  WEBMAIL UPGRADE
To: "Recipients"
From: "IT HELP DESK" <webmaster@xxxx-info>
Date: Mon, 03 Dec 2018 22:54:22 -0800
Your webmail quota has exceeded the set quota which is 2GB. you are currently running on 2.3GB to re-activate and increase your webmail quota please verify and update your webmail Account by clicking the link hxxp://www.some-domain-here.cf/ fill the form for upgrade.

Webform:


fake login webform from CF domain

Things to Note:

  • No "UMN" branding
  • Email not from a @umn.edu sender
  • Message really comes from a gmail.com address, but the "From" line shows a .info address
  • Webform not encrypted - not https, but http - most browsers warn against putting passwords in such forms
  • Form hosted at a .cf (Central African Republic) address, not UMN.EDU
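
The checks in the list above can be run mechanically against a reported message. The following is an added example, not part of the original post: the sample message is constructed from Example 224, and the `Return-Path` header, the `example.info` and `gmail.com` addresses, and the flag names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "umn.edu"  # the organization's own domain, as named on this page

# Constructed sample modelled on Example 224. The Return-Path header and the
# example.info / gmail.com addresses are placeholders, not values from the page.
SAMPLE = """\
Return-Path: <sender@gmail.com>
From: "IT HELP DESK" <webmaster@example.info>
To: "Recipients"
Subject: WEBMAIL UPGRADE

please verify and update your webmail Account by clicking the link
hxxp://www.some-domain-here.cf/ fill the form for upgrade.
"""

# Matches http(s) links and their defanged hxxp(s) form.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>]+", re.I)

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def in_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_indicators(raw):
    """Return the list of indicators from the notes that this message trips."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    if not in_org(from_dom):
        flags.append("from-not-org")
    if path_dom and path_dom != from_dom:
        flags.append("from-differs-from-return-path")
    for raw_url in URL_RE.findall(msg.get_payload()):
        # Refang only so the URL can be parsed; it is never fetched.
        url = urlsplit(re.sub(r"^hxxp", "http", raw_url, flags=re.I))
        host = (url.hostname or "").lower()
        if url.scheme == "http":
            flags.append(f"cleartext-link:{host}")
        if not in_org(host):
            flags.append(f"link-not-org:{host}")
    return flags
```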

Monday, December 3, 2018

Advisory: Protecting Against Identity Theft

Timely reminder from US-CERT regarding identity theft risks from online shopping.

As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, such as a credit card, and run up bills in the victim’s name.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the following tips to help reduce the risk of falling prey to identity theft:
If you believe you are a victim of identity theft, visit the FTC’s identity theft website to file a report and create a personal recovery plan.