Educause Security Discussion mailing list archives
Re: .edu email phishing
From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Tue, 1 Apr 2008 16:13:22 -0400
We've been seeing this at Calvin at a very steady rate now for over a month. On average we're seeing two significant mailings per week(300-500 emails) and that's starting to pick up more. I'm also seeing regular smaller batches in the 4-50 emails range. I've been mildly successful writing filters in our spam firewall, but I think easily half of these still go through to our users. For the most part our users have clued in that this is a scam, and the few that haven't are getting their accounts deactivated when we detect that they've fallen for it. There was a thread about these a couple weeks ago entitled "new email attack using valid webmail accounts" (3/10 - 3/14ish). The gist of it is the phishers are looking for valid webmail accounts with which to send spam from legitimate email servers. Seems to be quite effective for them as I keep seeing these, mostly out of .edu's. I'm not aware of any good defenses against this. The spam filter isn't catching them all. User education and scripts to detect massive email usage seem to be the most effective. Zach -- Zach Jansen Information Security Officer Calvin College Phone: 616.526.6776 Fax: 616.526.8550
On 4/1/2008 at 2:47 PM, in message
<014801c89428$c73fa9a0$6502a8c0@PENTIUM43GHz>, Jimmy Kuo <cjkuo () verizon net> wrote:
Was this a directed (against caltech.edu) attack or was this one of a family sent to other .edu lists? Has anyone seen one like this for their school? The return address was actually set up for: ask.helpdesk0 () gmail com Jimmywww.caltech.edu
Current thread:
- Re: .edu email phishing, (continued)
- Re: .edu email phishing Logan, Kimberly (loganks) (Apr 01)
- Re: .edu email phishing Winders, Timothy A (Apr 01)
- Re: .edu email phishing Joe St Sauver (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Winders, Timothy A (Apr 01)
- Re: .edu email phishing Kees Leune (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Brewer, Alex D (Apr 01)
- Re: .edu email phishing Lesli Sagan (Apr 01)
- Re: .edu email phishing Michael Behun (Apr 01)
- Re: .edu email phishing Zach Jansen (Apr 01)
- Re: .edu email phishing Dick Jacobson (Apr 02)
- Re: .edu email phishing Theresa Semmens (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Christopher Webber (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Dave Koontz (Apr 02)
(Thread continues...)