Example 241: Fake UMN Google Login Pop-ups

Scammers sometimes use fake Google login pop-ups as well as fake login pages to capture IDs and passwords.

Email scams are the primary way that cyber attackers infiltrate organizations. Many of the big breaches in the news began with a scam or phishing email. What are the attackers trying to do? They deliver two main weapons via scam email:

  • Fake login pages to collect target credentials (ID and password).
  • Infected attachment or link to install malicious software (malware) such as Ransomware on the target’s computer. 

    Indicators of Phishing

    • From address is suspicious: [email protected]
    • Sense of urgency: Your password is due for expiration Yesterday!
    • Hover your mouse over the link or hold on a mobile device to see that the fake login pop-ups are delivered from hxxps://creattica[.]ru/
    • Misspelled “Verifying,” slightly broken English

    What to do if you receive one of these:

    Example:

    From: <[email protected]
    Date: Sun, Mar 14, 2021 at 12:39 PM
    Subject: [UNVERIFIED] [email protected] Account Password Expiration 3/14/2021
    7:19:41 a.m.
    To: <[email protected]

    [email protected]:

    Your Account Password is due for expiration Yesterday:

    Please kindly use the below to continue with same password.

    Click Here

    This email has been automatically generated by request. This electronic transmission is confidential and is intended for designated recipients only. If this message was not meant for you, please do well to delete the original and all copies and notify the sender immediately. Adding us to your address book and safe list enhances prompt and quick delivery of fax messages.

    Copyright©2021. All Rights Reserved

    umn.edu 3/14/2021 7:19:41 a.m.