Secure U
577 gradient

Phishing Scams Targeting the University

See the latest information security alerts and examples of phishing scams sent to University email accounts.

Recent Posts

November 8, 2019 - 1:00pm

By Joel Anderson

Holiday Shopping, Phishing, and Malware Scams

Original release date: November 08, 2019
 

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

October 14, 2019 - 3:15pm

By Joel Anderson

Fake job offer aimed at financial fraud.

Message Text

From: Trenton Warner
Date: Sun, Oct 13, 2019 at 2:32 PM
Subject: Tutor needed
To:
Hello,
How are you doing today? This is Trenton Warner. I saw your contact at
[SPECIFIC INFORMATION ABOUT DISCOVERY] under Graduate Student's portal.

I seek for a private high school  introductory biology tutor for my Daughter. I would like to know if
you will be available for the job.

October 12, 2019 - 4:00pm

By Joel Anderson

Forged email "from" UMN libraries claiming user needs to "renew" services.

Note, some versions have subject "Library Notification" others "Library Services"

Message Content

From: U of M Libraries < NON-UMN EMAILl> Date:

October 10, 2019 - 2:30pm

By Joel Anderson

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

September 19, 2019 - 4:00pm

By Joel Anderson

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign.

What's Emotet? It is an type of trojan malware that gets delivered via "attachments." Often disguised as invoices that need to be reviewed, or notices of software license renewal. Usually the message conveys some urgency to entice the recipient into opening the file, all in order to infect the user's computer.

Pages

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at phishing@umn.edu, and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to phishing@umn.edu.)

We will:

  • Block the return email addresses
  • Notify a website's administrators if a website is used to collect replies
  • Block access from the U network to the website
  • Notify other schools
  • Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!

Previous Phishing Examples

View examples of phishing scams targeting the U from 2012-2018 at phishing.it.umn.edu.