Secure U
577 gradient

Phishing Scams Targeting the University

See the latest information security alerts and examples of phishing scams sent to University email accounts.

Recent Posts

August 21, 2019 - 3:15pm

By Joel Anderson

Adept email scammers fake the "From:" address to look like a real sender.

Masking the sender, emails might look like they came from a legitimate sender 

June 27, 2019 - 2:00pm

By Joel Anderson

Warning posted in Target stores with the growth of "the boss needs gift cards" scams.

As we've noted (https://it.umn.edu/phishing-scams-targeting-university/advisory-guess-what-your-boss-really) there has been tremendous growth in forged scam emails impersonating important people (department heads, professors, and more) asking people to buy gift cards.

This has gotten so prevalent, that Target has posted signs at the  self-checkout terminals:

June 10, 2019 - 1:15pm

By Joel Anderson

Fake job offers sent from multiple compromised student accounts:

THINGS TO NOTE

June 6, 2019 - 12:00pm

By Joel Anderson

Two related phishing scams sent from a compromised account pointed at a fake MyU login page.

Message Text #1

May 6, 2019 - 12:15pm

By Joel Anderson

Guess what? Your boss really doesn't need you to buy gift cards!

Lately we've seen growth in a scam that takes advantage of the public nature of our University.
Because we are a public institution, it isn't very hard for anyone to find names of leaders - that is, managers, professors and other people of authority. And it's also relatively easy to find names of people who might report to them.

What does that mean to you? 

Pages

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at phishing@umn.edu, and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to phishing@umn.edu.)

We will:

  • Block the return email addresses
  • Notify a website's administrators if a website is used to collect replies
  • Block access from the U network to the website
  • Notify other schools
  • Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!

Previous Phishing Examples

View examples of phishing scams targeting the U from 2012-2018 at phishing.it.umn.edu.