Educause Security Discussion mailing list archives
Re: More spear phishing + vishing
From: "Fugett, Julie C" <jcf () KU EDU>
Date: Sat, 5 Jul 2008 00:08:08 -0500
Not via phone--yet. (Hang on, I am looking for wood to knock on.) They did request KU credentials via e-mail, which they came back and used to send their garbage through our mail systems. Now that you've said that, I think I know what they're going to hit us with next. Sigh. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jenkins, Matthew Sent: Fri 7/4/2008 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] More spear phishing + vishing Thanks Julie for posting this. I had mentioned to others here at our university several months ago that attackers would end up using phone calls once we blocked the e-mail avenue. We had seen e-mails telling people to call automated numbers but, to my knowledge, have not received any automated calls or SMS messages. Has anyone had any attacks that solicit campus account information via phone that you are aware of? Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu <https://fsmail.fairmontstate.edu/exchweb/bin/redir.asp?URL=http://www.fairmontstate.edu/> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv on behalf of Fugett, Julie C Sent: Thu 7/3/2008 10:48 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] More spear phishing + vishing I just wanted to add that these people (I use the term loosely) are now text messaging members of the Lawrence and KU communities. We're keeping people updated via our blog, among other places. The entry is here: http://www2.ku.edu/~privacy/cgi-bin/mydrupal/?q=node/91 -Julie ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Fugett, Julie C Sent: Monday, June 30, 2008 4:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] More spear phishing + vishing I wanted to share this as it may be arriving soon at a community near you. KU and the Lawrence community were hit by a hybrid phishing and vishing (voice phishing) attack over the weekend. Residents received calls Saturday night. The calls do not appear to be limited to just members of the KU community--my theory is they were wardialing through all the local exchanges. I had a message on my machine from about 10pm, but according to the paper some people were called as late (early?) as 1:30-2am. It appeared that the group doing the calling may have followed up with e-mails as well. http://www2.ljworld.com/news/2008/jun/30/beware_fraudulent_callers_soliciting_personal_info/ <http://www2.ljworld.com/news/2008/jun/30/beware_fraudulent_callers_soliciting_personal_info/> -Julie ____________________________________________ Julie C. Fugett, CISSP, CCE Information Security Analyst IT Security Office, A division of Information Services The University of Kansas http://www.security.ku.edu <http://www.security.ku.edu/> http://www.beseKUre.ku.edu <http://www.besekure.ku.edu/>
Current thread:
- Re: More spear phishing + vishing Fugett, Julie C (Jul 03)
- <Possible follow-ups>
- Re: More spear phishing + vishing Jenkins, Matthew (Jul 04)
- Re: More spear phishing + vishing Fugett, Julie C (Jul 04)