Internet Skeptic Blog

Posted by: Bob Bayn on Mar 7, 2016

Login page for research article is fake

On March 7, 2016, we received about 50 copies of a fake request for a published research article. The email instructs the recipient to follow a link to a website hosting a fake copy of the USU login page.

Here is what the emails looked like:

From: "Zzzzzzz@" <ulberta.ca Zzzzzzz@ulberta.ca>
Date: March 7, 2016 at 6:03:29 AM MST
To: <Xxxx.Yyyyyy@usu.edu>
Subject: Re:
Hi

Dear Dr. Yyyyyy;

I recently read your last article and it was very useful in my field of research.
I wonder, if possible, to send me these articles to use in my current research:


1- http://login.usu.edud.in/cas/UserPassword.php?http://www.sciencedirect.com/science/article/pii/S0019850115000188


2- http://www.sciencedirect.com/science/article/pii/S001985011500019X


Thanks for you Cooperation in Advance.


 Yyyyyyy Zzzzzz
Department of Management
University of Alberta
Edmonton, AB
Canada

This one even shows the actual link to login.usu.edud.in/cas/ instead of our real login address at login.usu.edu/cas/. Those few extra letters send you off to India (.in). If you were to log in on that fake page, you would be sent to the sciencedirect.com link, which is a real research article, but most likely not yours. Meanwhile, the phishing spammer would have your Anumber and password and could use your email account for spam, sign in to our VPN service, or sign in to SSB and change your Direct Deposit routing number, look at your W-2 form or view other valuable information.
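The difference between the two hostnames can be checked mechanically. The following is an added example, not code from the original post or from USU: it flags links whose host borrows the trusted name as a label under some other domain, as login.usu.edud.in does. The function names and the three heuristics are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Values taken from the post; everything else here is an illustrative assumption.
TRUSTED_DOMAIN = "usu.edu"   # the real login host is login.usu.edu
BRAND_LABEL = "usu"
LOGIN_PATH = "/cas/"         # path of the real login page

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def is_trusted(host):
    """True only for usu.edu itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def check_link(url):
    """Return the reasons a link looks like a spoof of the trusted login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if is_trusted(host):
        return []
    reasons = []
    if BRAND_LABEL in host.split("."):
        reasons.append("trusted name used as a label under another domain")
    if parts.path.lower().startswith(LOGIN_PATH):
        reasons.append("copies the login path")
    if URL_RE.match(parts.query):
        reasons.append("query string carries a second URL")
    return reasons


def scan(text):
    """Map each suspicious URL in a message body to its reasons."""
    hits = {}
    for url in URL_RE.findall(text):
        reasons = check_link(url)
        if reasons:
            hits[url] = reasons
    return hits


# The two links from the email quoted above.
SAMPLE = """1- http://login.usu.edud.in/cas/UserPassword.php?http://www.sciencedirect.com/science/article/pii/S0019850115000188
2- http://www.sciencedirect.com/science/article/pii/S001985011500019X"""

if __name__ == "__main__":
    for url, reasons in scan(SAMPLE).items():
        print(url.split("/")[2], "->", "; ".join(reasons))
```

Only the first link is reported; the plain sciencedirect.com link and any genuine login.usu.edu address return no reasons.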

Here is what the fake page looked like in the browser (see the highlighted address):

Of course, the phishing spammer didn't go to all this trouble just for USU. The edud.in host also contains the login pages for other organizations, higher ed and otherwise. So far, we know of two other universities that were attacked with similar messages.

Thanks for being an Internet Skeptic!