Secure U
577 gradient

Phishing Scams Targeting the University

See the latest information security alerts and examples of phishing scams sent to University email accounts.

Recent Posts

June 10, 2019 - 1:15pm

By Joel Anderson

Fake job offers sent from multiple compromised student accounts:

THINGS TO NOTE

June 6, 2019 - 12:00pm

By Joel Anderson

Two related phishing scams sent from a compromised account pointed at a fake MyU login page.

Message Text #1

May 6, 2019 - 12:15pm

By Joel Anderson

Guess what? Your boss really doesn't need you to buy gift cards!

Lately we've seen growth in a scam that takes advantage of the public nature of our University.
Because we are a public institution, it isn't very hard for anyone to find names of leaders - that is, managers, professors and other people of authority. And it's also relatively easy to find names of people who might report to them.

What does that mean to you? 

April 26, 2019 - 4:15pm

By Joel Anderson

Multiple campaigns with forged UMN logins aimed at stealing accounts

Messages

From: University of Minnesota <Stolen-Account @ somewhere.edu>

Date: Fri, Apr 26, 2019 at 3:47 PM

Subject: A New UMN eBill is Now Available
To:

April 26, 2019 - 12:15pm

By Joel Anderson

Compromised UMN account used to send a link to a fake login page.

Message Text

From: University of Minnesota < compromised account @umn.edu>
Date: Fri, Apr 26, 2019 at 10:42 AM
Subject: You have 1 important message
To: 

Hello,

You have 1 Important message from Public Information Office.
View <hxx p:// people.  virginia. edu/~xxxxxxxxx/> *

Thank you.

Pages

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at phishing@umn.edu, and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to phishing@umn.edu.)

We will:

  • Block the return email addresses
  • Notify a website's administrators if a website is used to collect replies
  • Block access from the U network to the website
  • Notify other schools
  • Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!

Previous Phishing Examples

View examples of phishing scams targeting the U from 2012-2018 at phishing.it.umn.edu.