Scam Examples and Security Advisories | IT@UMN | The people behind the technology

Recent Posts

Example 251: Fake University of Minnesota Login Pages

Fake login pages are typically delivered as a link in a scam email, often with a notice like “you have a secure message” or “your account will be closed.” Scammers are trying to capture user ID and password combinatio

Example 250: Advisory: Google Services Abuse Advisory

According to Security Week, cybercriminals are making increasing use of Google services to sc

Example 249: Scam Texts

Scams take many forms, including SMS (text), as well as emails and telephone calls. We have had reports of fake texts from President Joan Gabel with the scammer’s goal being to get the recipient to engage.

Example 248: Fake Payment Receipts

We are currently seeing a high volume of payment and subscription scams.

Example 247: Beware Fake Google Drive Invitations

Example 246: Fake copyright infringement notices

We have seen several of these submitted via the public-facing web forms of legitimate University businesses. In each case, the claim and the sending email were fraudulent.

Example 245: Scam notice of your email being held

This example shows the scammers attempting to personalize the message and make it more believable by including the recipient’s Internet ID throughout the email.

Example 244: “Trust” Sends Scam Form to Reinstate Email

Scam form asking for UMN user name and passcode

Scammers used a couple of common techniques in this example.

Example 243: Ordinary Sloppy “Mailbox Storage Full” Scams

Screenshot of sloppy non-UMN login page titled Webmail

Less sophisticated, sloppy scammers still target the University community. Their emails are generally easier to recognize, even from the text of the email.

Example 242: Pending Mails

Example of scam email about pending mails - the text of this image is also in the content

Email scams play on human emotions such as curiosity, greed, or fear. Telling you of a pending email message or package is a common ploy.

Read more of: Example 242: Pending Mails

Example 241: Fake UMN Google Login Pop-ups

Email scams are the primary way that cyber attackers infiltrate organizations.

Example 240: Fake UMN Login Pages Are Back!

Screenshot of fake UMN login page calling out aws URL and with FAKE across it in red

Scams involving fake login pages practically disappeared after the University implemented Duo two-factor auth

Example 239: Are you available? Business Email Exploit/Compromise

Screenshot of scam email with subject Available?

Business email exploits are a social engineering scam we see every day at the University.

Example 238: Retirement Scam for University Personnel

Small child in vivid yellow skirt grasps her grandparent's forearm. Photo credit @immo_cb on Instagram

Planning for retirement can be complex and emotional, and many people seek guidance and assurance that they are doing it “right”.

Example 237: Student job for you! $400 per week!

Mysterious detective figure with the words scam alert

Scams offering student employment are common at the University of Minnesota. Recently, there’s been a significant increase in the number of scams that are being attempted and the volume of recipients.

Example 235: Expiration Notice

A screenshot of the phishing landing page for Canvas

Phishing targeted at Canvas usersThis phishing scam was sent to a short list of UMN individuals with the subject “Expiration Notice”.

Read more of: Example 235: Expiration Notice

Example 234: Payroll Schedule

Fake University of Minnesota login page with notes

This phishing scam was sent to a public UMN Google Group with the subject 'Payroll Schedule'.A version of the message is included below.

Read more of: Example 234: Payroll Schedule

Advisory: Holiday Shopping, Phishing, and Malware Scams

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams.

Example 233: Tutor Needed

Members of the University community have received a fake job offer email aimed at financial fraud.

Advisory: FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at [email protected], and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to [email protected].)

We will:

Block the return email addresses
Notify a website's administrators if a website is used to collect replies
Block access from the U network to the website
Notify other schools
Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!