Educause Security Discussion mailing list archives
Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers.
From: "Clouse, Michael J" <clousemj () COFC EDU>
Date: Tue, 3 Sep 2013 14:13:50 +0000
I have created blocks/quarantines in my email gateways for any content with these domains (AND) special words like webmail, quota, or administrator. The quarantine has been very successful blocking all these phishing forms except for a few in other languages. The only ones I am seeing now are from hacked websites. [Description: Description: Description: Description: Description: WM - PMS188] ________________________________ Michael Clouse Security, Identity & Access Management, IT 843-953-8207 or clousemj () cofc edu<mailto:clousemj () cofc edu> College of Charleston Protect your Identity - Learn about Phishing !<http://it.cofc.edu/security/phishing/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Friday, August 30, 2013 10:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. My overnight collection of new phishing links has put jimdo(.)com well ahead of webs(.)com as the host of choice for phish links today. Here's my overnight list: upgreadeyourmailbox.jimdo(.)com dearuserupgreade.jimdo(.)com email-reactivitionlinkaccess.jimdo(.)com itsaccountvalidationprocess.jimdo(.)com routineformaintenance.jimdo(.)com web-adstrator.jimdo(.)com mailboxaccessweb.jimdo(.)com wbactieve.jimdo(.)com staffloginitsupportupgrade2013.jimdo(.)com dutchwebpage.webs(.)com gameonefor.webs(.)com e-mailusers.webs(.)com webcleanup.webs(.)com staffstudentfacaultymailboxcleanup.webs(.)com faculty-staff111.yolasite(.)com verificatinform.yolasite(.)com I have reported all of them to their respective services. Webs(.)com is getting real good about acting on abuse reports quickly - often within a few minutes. Our whole list of known web form hosting services used by phishers can be found at: https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/ I have crippled all the hostnames so that our mail filter doesn't go crazy when it sees this message come back from the SECURITY list. ;-) Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University three common hazardous email scams to watch out for: 1) unfamiliar transaction report from familiar business 2) attachment with no explanation in message body 3) "phishing" for your email password
Current thread:
- jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Bob Bayn (Aug 30)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Roger A Safian (Aug 30)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Clouse, Michael J (Sep 03)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Robert Meyers (Sep 04)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Roger A Safian (Sep 04)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Greg Williams (Sep 09)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Robert Meyers (Sep 04)