Educause Security Discussion mailing list archives
Re: InfoSec Alert from University of Cincinnati
From: Dan Oachs <doachs () GAC EDU>
Date: Mon, 28 Jan 2008 09:37:16 -0600
We were hit by a very similar spear phishing attack early last week. Ours was mostly sent to faculty/employees. A couple of them forwarded us the email and shortly after that I blocked our mailservers from receiving or sending email to either of the addresses. I checked our logs and luckily no one had tried to reply to that message (using our mailservers anyway ) before I was able to block it.
I didn't notice the attack at first mainly because my spamassassin settings caused it to get a high enough score that it went into my spam folder. Obviously this was not the case for everyone.
A little more info available here: http://coreservices.blog.gustavus.edu/2008/01/23/phishing-email-sent-to-gustavus-accounts-yesterday/
Thanks, Dan Oachs Gustavus Adolphus College Mclaughlin, Kevin (mclaugkl) wrote:
Hi Everyone: Just some information I thought you might be interested in.We were hit by a Spear Phishing attack on Friday. This attack proved to be pretty successful against the members of our community and caused a lot of extra work for our email services team over the weekend. The attack basically asked members of our student email community to send their passwords to a member of the UC email support team (see actual email below). We had put an alert out via our IT and technology listserve groups early Friday when we got wind of this but surprisingly (or not surprisingly) a large percentage of our students fell for this particular attack. What was even more interesting was that our Mirapoint SPAM filters assigned this a low likelihood of SPAM value even though the “From” and “Reply To” addresses were completely different domains.-Kevin*========================================= Information Security Alert ======================================================== *UC Information Security has received a report of a new spear-phishing attempt against UC email users. Spear-Phishing is a phishing campaign tailored to a specific target group, using language or information to pacify suspicions of the target group.This phishing attempt requests the user to send their password in a reply email. Please alert your communities to this threat and remind them that UCit will never ask for a password to be sent by email!*The Phishing message looks like this. (Note that the return address is a yahoo account): *From: "EMAIL.UC.EDU SUPPORT" <support () email uc edu> Date: January 24, 2008 9:36:14 AM EST To: undisclosed-recipients:; Subject: Confirm Your E-mail Address Reply-To: youfidnet () yahoo com Dear Email.uc.edu Subscriber, To complete your email.uc.edu account, you must reply to this email immediately and enter your password here (*********) Failure to do this will immediately render your email address deactivated from our database. You can also confirm your email address by logging into your email.uc.edu account at https://email.uc.edu Thank you for using EMAIL.UC.EDU ! EMAIL.UC.EDU TEAM*=================================== End Information Security Alert ========================================== *Kevin L. McLaughlin CISM, CISSP, GIAC,PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) 513-558-ISEC (department) UC-Logo-800CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- InfoSec Alert from University of Cincinnati Mclaughlin, Kevin (mclaugkl) (Jan 28)
- <Possible follow-ups>
- Re: InfoSec Alert from University of Cincinnati Ken Connelly (Jan 28)
- Re: InfoSec Alert from University of Cincinnati Dan Oachs (Jan 28)
- Re: InfoSec Alert from University of Cincinnati Bob Bayn (Jan 28)
- Re: InfoSec Alert from University of Cincinnati David A. Batastini (Jan 28)
- Re: InfoSec Alert from University of Cincinnati Gene Spafford (Jan 28)
- Re: InfoSec Alert from University of Cincinnati Greg Vickers (Jan 28)