Phishing - Fake MyU Page
The University of Minnesota has been experiencing an ongoing phishing campaign. This article will help you identify this campaign and protect your account from becoming vulnerable.
Should you see a suspicious email, please report it immediately to [email protected]
Phishing Attack Details
There is an ongoing phishing attack at the University. Emails direct users to a fraudulent Google page (mimicking login.umn.edu) that requests their username and password. After a user enters their credentials, attackers initiate a Duo prompt and, once approved, gain access to the user’s account.
The URL of the fraudulent MyU login page will not be a legitimate login.umn.edu URL, which users can confirm by checking the page URL in the browser’s address bar. Do not enter your credentials in the fake UMN login page.
This screenshot shows an example phishing email; however, individuals may receive a different email than this example. Be aware of this as you browse your mail.
The link in the body of the email will direct you to a Google site, identifiable by a URL like sites.google.com, which then directs you to a convincing-looking fake UMN login page.
- Note: The URL of the fake UMN login page is not login.umn.edu.
- Do not enter your credentials in the fake UMN login page.
What to look for
Be aware of emails you are receiving and scrutinize any emails containing the following:
- Subject lines that mention “your ID.”
  - Examples include:
    - “Limitations on your ID”
    - “Restrictions affecting your ID”
    - “Message regarding your ID”
    - “Announcement related to your UMN”
- Body text that includes a URL in the format “umn.edu/[7-8 random characters]”.
- Note that these phishing emails will likely come from @umn.edu email addresses or other .edu email addresses.
What to do
- Should you receive this email, do not click or take any action.
- Report the email to [email protected].
- If you interacted with the email, follow the Immediate Security Steps (on this page).
- Always review links in emails before clicking.
  - Long-press or hover over links to view the URLs they’re pointing to. URLs for all University-related websites should end in umn.edu.
- Always check the page URL before entering credentials into University login pages.
  - The URL for the University’s login page is login.umn.edu.
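For mail administrators, the indicators under "What to look for" and the link check under "What to do" can be applied to a message automatically. The following is an added example, not code from the University: the regular expressions, the indicator names and the sample message are assumptions built from the descriptions on this page, and a hit is a reason to review a message, not a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators from this advisory; the regex forms are assumptions (letters/digits for "random characters").
SUBJECT_RE = re.compile(r"\byour\s+(?:id|umn)\b", re.I)
SHORT_LINK_RE = re.compile(r"(?<![\w.-])(?:https?://)?umn\.edu/[A-Za-z0-9]{7,8}(?![A-Za-z0-9])", re.I)
SAMPLE_SUBJECT = "Restrictions affecting your ID"  # constructed sample message, not a real email
SAMPLE_BODY = '<a href="https://sites.google.com/view/placeholder">umn.edu/a1B2c3D</a>'

def is_umn_host(host):
    """True for umn.edu or a real subdomain; False for umn.edu.example.net or fakeumn.edu."""
    return ("." + (host or "").rstrip(".").lower()).endswith(".umn.edu")

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def triage(subject, html_body):
    """Return the sorted list of advisory indicators found in one message."""
    hits = set()
    if SUBJECT_RE.search(subject):
        hits.add("subject-phrase")
    if SHORT_LINK_RE.search(html_body):
        hits.add("umn-short-link")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
        except ValueError:  # malformed href, nothing to compare
            continue
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar have no web target
        if parts.hostname == "sites.google.com":
            hits.add("google-sites-target")
        if "umn.edu" in text.lower() and not is_umn_host(parts.hostname):
            hits.add("text-umn-target-elsewhere")
    return sorted(hits)
```

The host comparison is done on the parsed hostname with a leading dot, which is what "should end in umn.edu" has to mean in practice: a plain substring or suffix test on the whole URL would accept lookalike hosts.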
Immediate Security Steps
After reporting to UIS, if you interacted with the email or believe your credentials may have been exposed, perform these safety checks immediately:
- Password Review: Change passwords on any non-University accounts that share a password with your University account. We strongly recommend using unique passphrases for every account.
- Check Recovery Info:
  - Visit my-account.umn.edu
  - Select Password Management, then Shared Secret to ensure your recovery information has not been modified.
  - You may also want to Set UMN Password Reset Questions at this time.
- Verify MyU Information:
  - Log into myu.umn.edu
  - Check the My Info tab to check for unauthorized changes.
  - Employees should verify Direct Deposit Set-Up under My Pay.
  - Students should verify Billing & Payment under My Finances.
- Email Settings: Check your Gmail filters and forwarding settings to ensure your mail is not being redirected.
  - Additionally, you can check recent activity on your Gmail account using the steps at z.umn.edu/gmail_activity.
- Google Security Checkup: Visit Google Security Checkup to sign out of any unrecognized devices or remove unauthorized third-party apps.
Reporting Findings
If you discover any unauthorized changes to your account:
- Take a screenshot of the changes.
- Email [email protected] immediately (with screenshots) for guidance.
- Be aware of the potential for identity theft. If you suspect this has happened to you, follow the steps at identitytheft.gov.
NOTE: If you use your email to send or receive patient information for healthcare, research, or any other reason, please report this potential exposure to the Health Information Privacy and Compliance Office (HIPCO) at [email protected]