Fake login pages are typically delivered as a link in a scam email, often with a notice like “you have a secure message” or “your account will be closed.” Scammers are trying to capture user ID and password combinations and then trick people into typing in a Duo code in a fake prompt or accepting a Duo push that they did not initiate. These attacks have gotten more sophisticated, where passwords are tested immediately after being harvested by the fake login page, making it harder to differentiate your login attempts from theirs.
These phishing emails may come from a non-University email address, a non-U account that tries to impersonate a University person or group, or a University account that has been compromised.
Checking to see if an email is legitimate is harder to do on your phone or tablet. You may not easily see who is actually sending the email and you can’t review the web link within the message without additional steps. When in doubt, check the email from a computer instead.
Indicators of Phishing
- Email is suspicious and/or unexpected.
- Unrecognized sender email address impersonating the University.
- Message is mysterious or of inflated importance.
- URL link is strange or suspicious.
- Login URLS are not umn.edu.
- A new login page(s) appears when you’re already signed in.
What to Do If You Receive One of These
- Do not reply, click the link(s), or login (if you do click the link).
- Forward the scam email to [email protected].
- Report it as phishing to Google. In Gmail, select the three-dot More menu next to Reply and choose Report phishing to help educate Google's filters to block similar messages in the future.
- For more information, please see: Recognize and Report Email Scams
Examples
From: UMN <[email protected]>
Date: Fri, Jun 10, 2022 at 7:12 PM
Subject: UMN Notification(s)
To: <[email protected]>
1 New Important Message.
Open Message
<hxxps://www.hyperhub.com.au/newhub/api/email/track?client_id=39&email_id=510&send_id=202469&type=clickLink&url=aHR0cHM6Ly90ZXJ1aW5ldC5jb20vdW1uLmVkdQ= >
University of Minnesota
Fake University Login Page
Fake Duo Passcode Page