Educause Security Discussion mailing list archives
Re: New e-mail attack using valid webmail accounts
From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Mon, 10 Mar 2008 12:58:25 -0400
Thanks for the note Zach. To my knowledge we did not receive any phishing attempts, as we usually hear about them. Aside, our upstream provider does our spam filtering and they are pretty good about catching the phishing messages. However, you have sparked my curiosity enough to ask around and see if I can find any evidence this occurred with this particular account. Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Zach Jansen Sent: Monday, March 10, 2008 10:09 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts When we saw this a few weeks ago it was a targeted attack. We received two rounds of phishing emails targeting our institution that were soliciting usernames and passwords. The phishing email itself was generic (Dear user) and had pretty poor grammar and spelling. It appeared to be one of two email that this particular attacker was using to gather accounts and the only part that changed was which "service team" the email was forged from. Anyone using a webmail account who responded had their account abused to send further phishing emails as well as various types of scam emails. Zach
On 3/7/2008 at 3:26 PM, in message
<0339279484D4314F90BBD1775E1F1EB905E1DD0A () cnex huc int>, "Bruggeman, John" <jbruggeman () HUC EDU> wrote:
Did you find out what account was compromised or who was sending the spam? What I'm wondering is if the attack was random or if someone targeted your site?
Current thread:
- Re: New e-mail attack using valid webmail accounts, (continued)
- Re: New e-mail attack using valid webmail accounts John Ladwig (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Bradley, Stephen W. Mr. (Mar 06)
- Re: New e-mail attack using valid webmail accounts Michael H. Martel (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Bruggeman, John (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 10)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 14)
- New e-mail attack using valid webmail accounts Kenneth Arnold (Mar 14)
- Re: New e-mail attack using valid webmail accounts Brian Friday (Mar 14)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 14)
- Re: New e-mail attack using valid webmail accounts Curt Wilson (Mar 14)