Scam Examples and Security Advisories | IT@UMN | The people behind the technology

Recent Posts

Example 251: Fake University of Minnesota Login Pages

June 20, 2022

Fake login pages are typically delivered as a link in a scam email, often with a notice like “you have a secure message” or “your account will be closed.” Scammers are trying to capture user ID and password combinatio

Example 250: Advisory: Google Services Abuse Advisory

January 21, 2022

According to

Example 249: Scam Texts

December 27, 2021

Scams take many forms, including SMS (text), as well as emails and telephone calls.

Example 248: Fake payment receipts

September 10, 2021

We are currently seeing a high volume of payment and subscription scams.

Example 247: Beware Fake Google Drive Invitations

September 9, 2021

Screenshot of fake Google drive share used in scam email

In this example, scammers utilize Google Drive's collaboration feature and send push notifications from Google itself to deliver malicious content.

Example 246: Fake copyright infringement notices

July 21, 2021

We have seen several of these submitted via the public-facing web forms of legitimate University businesses. In each case, the claim and the sending email were fraudulent.

Example 245: Scam notice of your email being held

June 24, 2021

This example shows the scammers attempting to personalize the message and make it more believable by including the recipient’s Internet ID throughout the email.

Example 244: “Trust” Sends Scam Form to Reinstate Email

June 21, 2021

Scam form asking for UMN user name and passcode

Scammers used a couple of common techniques in this example.

Example 243: Ordinary Sloppy “Mailbox Storage Full” Scams

May 21, 2021

Screenshot of sloppy non-UMN login page titled Webmail

Less sophisticated, sloppy scammers still target the University community. Their emails are generally easier to recognize, even from the text of the email.

Example 242: Pending Mails

May 5, 2021

Example of scam email about pending mails - the text of this image is also in the content

Email scams play on human emotions such as curiosity, greed, or fear.

Read more of: Example 242: Pending Mails

Example 241: Fake UMN Google Login Pop-ups

May 5, 2021

Email scams are the primary way that cyber attackers infiltrate organizations.

Example 240: Fake UMN Login Pages Are Back!

March 18, 2021

Screenshot of fake UMN login page calling out aws URL and with FAKE across it in red

Scams involving fake login pages practically disappeared after the University implemented Duo

Example 239: Are you available? Business Email Exploit/Compromise

November 20, 2020

Screenshot of scam email with subject Available?

Business email exploits are a social engineering scam we see every day at the University.

Example 238: Retirement Scam for University Personnel

August 10, 2020

Small child in vivid yellow skirt grasps her grandparent's forearm. Photo credit @immo_cb on Instagram

Planning for retirement can be complex and emotional, and many people seek guidance and assurance that they are doing it “right”.

Example 237: Student job for you! $400 per week!

June 25, 2020

Mysterious detective figure with the words scam alert

Scams offering student employment are common at the University of Minnesota. Recently, there’s been a significant increase in the number of scams that are being attempted and the volume of recipients.

Example 236: Notice of personal information processing (Article Archived)

May 20, 2020

Article Archived

Example 235: Expiration Notice

April 20, 2020

A screenshot of the phishing landing page for Canvas

Phishing targeted at Canvas users This phishing scam was sent to a short list of UMN individuals with the subject “Expiration Notice”.

Read more of: Example 235: Expiration Notice

Example 234: Payroll Schedule

March 28, 2020

Fake University of Minnesota login page with notes

This phishing scam was sent to a public UMN Google Group with the subject 'Payroll Schedule'. A version of the message is included below.

Read more of: Example 234: Payroll Schedule

Defending Against COVID-19 Cyber Scams

March 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) released the following notice on March 6, 2020,

Advisory: Holiday Shopping, Phishing, and Malware Scams

November 8, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams.

Report Phishing

If you receive a phishing scam to your University email address, forward it to us at [email protected], and include complete headers. (Note: If you have difficulty forwarding a phishing message, send a summary of the email, including the sender and subject to [email protected].)

We will:

Block the return email addresses
Notify a website's administrators if a website is used to collect replies
Block access from the U network to the website
Notify other schools
Tune our rules that flag email as spam

What's Your Email Worth?

illustration of the data about you that can access through a hacked email account

Brian Krebs recently provided a sobering analysis of "The Value of a Hacked Email Account." Please share this with anyone who needs to be reminded that they shouldn't share their password with anyone!

Previous Phishing Examples

View examples of phishing scams targeting the U from 2012-2018 at phishing.it.umn.edu.