Educause Security Discussion mailing list archives

Re: New e-mail attack using valid webmail accounts


From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Fri, 14 Mar 2008 09:41:22 -0400

For the good of the group, below is the phishing email that we've been seeing. There are typically minor variations 
between each version including the use of the term "webmail" or minor customization targeted towards the specific 
institution ("CALVIN WEBMAIL TEAM"). In doing some research on one that we received today I found that Purdue put out 
an alert on it: http://www.purdue.edu/securePurdue/news/detail.cfm?NewsID=189 

Replies typically go to a hotmail, live.com, or yahoo address. All of the emails we have received have come through 
.edu mail servers.

Here's the message:

VERIFY YOUR EMAIL ACCOUNT NOW

Dear Email Account Owner,

This message is from educational messaging center to all our email
account owners. We are currently upgrading our data base and e-mail account
center. We are deleting all our edu email accounts to create more space for new 
accounts.
 
To prevent your edu account from closing you will have to update it below
so that we will know that it's a presently used account.

We have been sending this notice to all our email account owners and this is
the last notice/verification exercise.
 
CONFIRM YOUR EMAIL IDENTITY BELOW
 
Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
 
Warning!!! Account owner that refuses to update his or her account
within Seven days of receiving this warning will lose his or her account 
permanently.
 
Thank you for using edu!
Warning Code:VX2G99AAJ
Thanks,
Edu Account Upgrade Team


-- 

Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550
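
Added example, not part of the original post: a Python mail-triage check that flags messages combining the traits described above (replies routed to a hotmail, live.com or yahoo address, delivery through a .edu mail server, and a form asking for the account password). The sample messages, the example.edu hosts, the exact freemail domain list and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Reply destinations named in the post (the exact domain list is an assumption).
FREEMAIL = {"hotmail.com", "live.com", "yahoo.com"}
# Field labels as they appear in the quoted phishing message.
CRED_FIELDS = re.compile(r"(?im)^\s*(e-?mail\s+)?(username|password)\s*:")
# A Received hop naming a .edu host.
EDU_HOP = re.compile(r"\bfrom\s+[\w.-]+\.edu\b", re.I)

# Constructed sample messages; hosts and addresses are placeholders.
PHISH = """\
Received: from mail.example.edu (mail.example.edu [192.0.2.10])
From: "Edu Account Upgrade Team" <upgrade@example.edu>
Reply-To: verify.team@hotmail.com
Subject: VERIFY YOUR EMAIL ACCOUNT NOW

CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ..........
EMAIL Password : ..........
"""
BENIGN = """\
Received: from mail.example.edu (mail.example.edu [192.0.2.11])
From: helpdesk@example.edu
Subject: Maintenance window

Webmail will be unavailable Saturday morning.
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if absent or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def score_message(raw):
    """Return which of the post's indicators the raw message matches."""
    msg, hits = message_from_string(raw), []
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom in FREEMAIL and reply_dom != domain_of(msg.get("From")):
        hits.append("reply-to-freemail")
    if any(EDU_HOP.search(h) for h in msg.get_all("Received", [])):
        hits.append("via-edu-relay")
    for part in msg.walk():  # covers single-part and multipart bodies
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if CRED_FIELDS.search(text):
                hits.append("asks-for-credentials")
                break
    return hits

def is_suspect(raw):
    """Flag only when a freemail reply path and a credential form co-occur."""
    return {"reply-to-freemail", "asks-for-credentials"} <= set(score_message(raw))
```

The .edu relay hit alone is not treated as suspicious, since legitimate campus mail shares it; it is reported so an analyst can see the message arrived through another institution's server.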
