Educause Security Discussion mailing list archives
Re: New e-mail attack using valid webmail accounts
From: Brian Friday <bfriday () LASIERRA EDU>
Date: Fri, 14 Mar 2008 08:11:14 -0700
Just got a user reporting to have received on of these messages just this morning. Unfortunately they forwarded the message without headers so still waiting for the juicy details. From address was "EDU ACCOUNT UPGRADE TEAM <arippy () purdue edu>" And of course the reply to went to a live.com address Brian Friday Manager, La Sierra University's IT: Infrastructure Department Tel: (951) 785-2900 / Fax: (951) 785-2908 Riverside, CA 92515 Email: bfriday () lasierra edu Infrastructure: It is the telephone on your desk, the wires in your walls, the email you check daily, and the network that ties it all together. On Mar 14, 2008, at 6:41 AM, Zach Jansen wrote:
For the good of the group, below is the phishing email that we've been seeing. There are typically minor variations between each version including the use of the term "webmail" or minor customization targeted towards the specific institution ("CALVIN WEBMAIL TEAM"). In doing some research on one that we received today I found that Purdue put out on alert on it: http://www.purdue.edu/securePurdue/news/detail.cfm?NewsID=189 Replies typically go to a hotmail, live.com, or yahoo address. All of the emails we have received have come through .edu mail servers. Here's the message: VERIFY YOUR EMAIL ACCOUNT NOW Dear Email Account Owner, This message is from educational messaging center to all our email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all our edu email accounts to create more space for new accounts. To prevent your edu account from closing you will have to update it below so that we will know that it's a presently used account. We have been sending this notice to all our email account owners and this is the last notice/verification exercise. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : .......... ..... EMAIL Password : ................ Date of Birth : ................. Country or Territory : .......... Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently. Thank you for using edu! Warning Code:VX2G99AAJ Thanks, Edu Account Upgrade Team -- Zach Jansen Information Security Officer Calvin College Phone: 616.526.6776 Fax: 616.526.8550
Current thread:
- Re: New e-mail attack using valid webmail accounts, (continued)
- Re: New e-mail attack using valid webmail accounts Michael H. Martel (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Bruggeman, John (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 10)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 14)
- New e-mail attack using valid webmail accounts Kenneth Arnold (Mar 14)
- Re: New e-mail attack using valid webmail accounts Brian Friday (Mar 14)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 14)
- Re: New e-mail attack using valid webmail accounts Curt Wilson (Mar 14)