Secure U
577 gradient

Phishing Scams Targeting the University

See the latest information security alerts and examples of phishing scams sent to University email accounts.

Recent Posts

Advisory:Holiday Shopping, Phishing, and Malware Scams

November 8, 2019 - 1:00pm

By Joel Anderson

Holiday Shopping, Phishing, and Malware Scams

Original release date: November 08, 2019
 

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

Read more of Advisory:Holiday Shopping, Phishing, and Malware Scams.

Example 233: Tutor Needed

October 14, 2019 - 3:15pm

By Joel Anderson

Fake job offer aimed at financial fraud.

Message Text

From: Trenton Warner
Date: Sun, Oct 13, 2019 at 2:32 PM
Subject: Tutor needed
To:
Hello,
How are you doing today? This is Trenton Warner. I saw your contact at
[SPECIFIC INFORMATION ABOUT DISCOVERY] under Graduate Student's portal.

I seek for a private high school  introductory biology tutor for my Daughter. I would like to know if
you will be available for the job.

Read more of Example 233: Tutor Needed.

Example 232: Library Services / Notification

October 12, 2019 - 4:00pm

By Joel Anderson

Forged email "from" UMN libraries claiming user needs to "renew" services.

Note, some versions have subject "Library Notification" others "Library Services"

Message Content

From: U of M Libraries < NON-UMN EMAILl> Date:

Read more of Example 232: Library Services / Notification.

Advisory: FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

October 10, 2019 - 2:30pm

By Joel Anderson

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

Read more of Advisory: FBI Releases Article on Defending Against Phishing and Spearphishing Attacks.

Advisory: Whoa! Careful with that attachment, Emotet is back!

September 19, 2019 - 4:00pm

By Joel Anderson

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign.

What's Emotet? It is an type of trojan malware that gets delivered via "attachments." Often disguised as invoices that need to be reviewed, or notices of software license renewal. Usually the message conveys some urgency to entice the recipient into opening the file, all in order to infect the user's computer.

Read more of Advisory: Whoa! Careful with that attachment, Emotet is back!.

Pages

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at phishing@umn.edu, and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to phishing@umn.edu.)

We will:

  • Block the return email addresses
  • Notify a website's administrators if a website is used to collect replies
  • Block access from the U network to the website
  • Notify other schools
  • Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!

Previous Phishing Examples

View examples of phishing scams targeting the U from 2012-2018 at phishing.it.umn.edu.

Archive

Pages

If you have a technology question, contact Technology Help. If you have feedback about this webpage, please share it below.

Additional Resources

Recognize and Report Email Scams
Practice Safe Computing
University Information Security