Re: New e-mail attack using valid webmail accounts

["Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>]

Thanks for the note Zach.  To my knowledge we did not receive any
phishing attempts, as we usually hear about them.  Aside, our upstream
provider does our spam filtering and they are pretty good about catching
the phishing messages.  However, you have sparked my curiosity enough to
ask around and see if I can find any evidence this occurred with this
particular account.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Zach Jansen
Sent: Monday, March 10, 2008 10:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts

When we saw this a few weeks ago it was a targeted attack. We received
two rounds of phishing emails targeting our institution that were
soliciting usernames and passwords. The phishing email itself was
generic (Dear user) and had pretty poor grammar and spelling. It
appeared to be one of two email that this particular attacker was using
to gather accounts and the only part that changed was which "service
team" the email was forged  from. Anyone using a webmail account who
responded had their account abused to send further phishing emails as
well as various types of scam emails. 

Zach

> > > On 3/7/2008 at 3:26 PM, in message
<0339279484D4314F90BBD1775E1F1EB905E1DD0A () cnex huc int>, "Bruggeman,
John"
<jbruggeman () HUC EDU> wrote:
> Did you find out what account was compromised or who was sending the
> spam?  What I'm wondering is if the attack was random or if someone
> targeted your site?