Educause Security Discussion mailing list archives

Re: <SPAM> Re: user account compromise?

From: Dick Jacobson <Dick.Jacobson () NDUS NODAK EDU>
Date: Thu, 24 Apr 2008 16:08:57 -0500

On Thu, 24 Apr 2008, Cal Frye wrote:

We also had one of the where the password was changed but the activity
retuurned.  Our email guru said the person must have maintained a
connection over the period of the password change - so check the
connections also - or the user simply changed their password back to the
original (even though they said they didn't).

Barros, Jacob wrote:

Ken and all.  That was it.  He did reply to one of those phishing scams.
No more than 12 hours before the SPAM was launched.  Any non-internal
legal advice would be appreciated.


Be careful changing his password -- don't email it to him, as the spammer may
have set up forwarding and might receive a copy of the notice ;-)

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

  www.calfrye.com,  www.pitalabs.com

"Reality is merely an illusion, albeit a very persistent one. " - Albert
Einstein (1879-1955)



-----------------------------------------------------------------------
Dick Jacobson                   e-mail : Dick.Jacobson () ndus NoDak edu
NDUS IT Security Officer        office : IACC 206, NDSU
ND HECN MultiUser Host SysAd    phone  : 701-231-7385
-----------------------------------------------------------------------

Current thread:

<SPAM> Re: user account compromise? Stephen John Smoogen (Apr 24)
- <Possible follow-ups>
- <SPAM> Re: user account compromise? Cal Frye (Apr 24)
- Re: <SPAM> Re: user account compromise? Dick Jacobson (Apr 24)
- Re: <SPAM> Re: user account compromise? Stephen John Smoogen (Apr 24)
- <SPAM> RE: user account compromise? Jenkins, Matthew (Apr 24)
- <SPAM> Re: user account compromise? Paul Russell (Apr 24)