Re: .edu email phishing

[Jimmy Kuo <cjkuo () VERIZON NET>]

Are you (general/educause) pretty well set up with takedown requests for
these email accounts at the various ISPs?  If not, I encourage you as a
group to set something up.

(I can only offer a little bit of help as my specialty is in another area of
security (antimalware).  I only have a few contacts.)

Jimmy
jkuo () microsoft com

----- Original Message -----
From: "Winders, Timothy A" <twinders () southplainscollege edu>
To: "Jimmy Kuo" <cjkuo () verizon net>; <security () listserv educause edu>
Sent: Tuesday, April 01, 2008 11:57 AM
Subject: RE: [SECURITY] .edu email phishing


I had one user yesterday report receiving a message similar to this, but I
have personally not seen it.

Searching through our barracuda, I don't have anything from ask.helpdesk,
nothing with the subject ending with "email account now."

Ha!  Just found one with "UPDATE YOUR EMAIL ACCOUNT" in the subject from
"educationalwebmaster75 () yahoo com" routed through uoregon.edu,
128.223.142.41.

Anyone from uoregon on this list?

Tim Winders | Associate Dean of Information Technology | South Plains
College


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jimmy Kuo
> Sent: Tuesday, April 01, 2008 1:47 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] .edu email phishing
>
> Was this a directed (against caltech.edu) attack or was this one of a
> family
> sent to other .edu lists?  Has anyone seen one like this for their
> school?
>
> The return address was actually set up for:
>
> ask.helpdesk0 () gmail com
>
> Jimmy
>
> >> ----- Original Message -----
> >> From: "ADMIN HELPDESK" <helpdesk () caltech edu>
> >> To: <undisclosed-recipients:>
> >> Sent: Monday, March 31, 2008 12:39 PM
> >> Subject: VERIFY YOUR CALTECH.EDU EMAIL ACCOUNT NOW.
> >>
> >>
> >>
> >>
> >> Dear caltech.edu Email Account Owner,
> >>
> >> This message is from caltech.edu messaging center to all caltech.edu
> >> email
> >> account owners. We are currently upgrading our data base and e-mail
> >> account
> >> center. We are deleting all unused caltech.edu email accounts to
> create
> >> more
> >> space for new accounts.
> >>
> >> To prevent your account from being closed, you will have to update
> it
> >> below so
> >> that we will know that it's a present used account.
> >>
> >> CONFIRM YOUR EMAIL IDENTITY BELOW
> >>
> >> Email Username : .......... .....
> >> EMAIL Password : ................
> >> Date of Birth : .................
> >> Country or Territory : ..........
> >>
> >> Warning!!! Account owner that refuses to update his or her account
> >> within Seven
> >> days of receiving this warning will lose his or her account
> permanently.
> >>
> >> Thank you for using caltech.edu
> >> Warning Code:VX2G99AAJ
> >>
> >> caltech.edu Team
> >>
> >> www.caltech.edu
> >>
> >> Dear caltech.edu Email Account Owner,
> >>
> >> This message is from caltech.edu messaging center to all caltech.edu
> >> email
> >> account owners. We are currently upgrading our data base and e-mail
> >> account
> >> center. We are deleting all unused caltech.edu email accounts to
> create
> >> more
> >> space for new accounts.
> >>
> >> To prevent your account from being closed, you will have to update
> it
> >> below so
> >> that we will know that it's a present used account.
> >>
> >> CONFIRM YOUR EMAIL IDENTITY BELOW
> >>
> >> Email Username : .......... .....
> >> EMAIL Password : ................
> >> Date of Birth : .................
> >> Country or Territory : ..........
> >>
> >> Warning!!! Account owner that refuses to update his or her account
> >> within Seven
> >> days of receiving this warning will lose his or her account
> permanently.
> >>
> >> Thank you for using caltech.edu
> >> Warning Code:VX2G99AAJ
> >>
> >> caltech.edu Team
> >>
> >> www.caltech.edu