Educause Security Discussion mailing list archives

Re: .edu email phishing


From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Tue, 1 Apr 2008 16:13:22 -0400

We've been seeing this at Calvin at a very steady rate now for over a month. On average we're seeing two significant 
mailings per week (300-500 emails) and that's starting to pick up more. I'm also seeing regular smaller batches in the 
4-50 emails range. I've been mildly successful writing filters in our spam firewall, but I think easily half of these 
still go through to our users. For the most part our users have clued in that this is a scam, and the few that haven't 
are getting their accounts deactivated when we detect that they've fallen for it. There was a thread about these a 
couple weeks ago entitled "new email attack using valid webmail accounts" (3/10 - 3/14ish). The gist of it is the 
phishers are looking for valid webmail accounts with which to send spam from legitimate email servers. Seems to be 
quite effective for them as I keep seeing these, mostly out of .edu's. 

I'm not aware of any good defenses against this. The spam filter isn't catching them all. User education and scripts to 
detect massive email usage seem to be the most effective. 

Zach
-- 

Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 4/1/2008 at 2:47 PM, in message
<014801c89428$c73fa9a0$6502a8c0@PENTIUM43GHz>, Jimmy Kuo <cjkuo () verizon net>
wrote:
Was this a directed (against caltech.edu) attack or was this one of a family 
sent to other .edu lists?  Has anyone seen one like this for their school?

The return address was actually set up for:

ask.helpdesk0 () gmail com 

Jimmy

www.caltech.edu 
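
One way to build the kind of "scripts to detect massive email usage" mentioned in the reply above, shown as an added example that is not part of the original thread or any poster's code. The log format, the account names, the 300-recipient threshold and the one-hour window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not a real MTA's):
# ISO timestamp, authenticated webmail account, recipient count of one message.
SAMPLE_LOG = """\
2008-04-01T09:00:05 alice 2
2008-04-01T09:01:10 carol 90
2008-04-01T09:03:40 carol 95
2008-04-01T09:05:00 bob 1
2008-04-01T09:06:15 carol 100
2008-04-01T09:07:30 carol 110
2008-04-01T13:00:00 alice 40
not a log line
2008-04-01T15:30:00 alice 40
"""

def parse_line(line):
    """Return (timestamp, account, recipients) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def find_bulk_senders(log_text, max_recipients=300, window=timedelta(hours=1)):
    """Map each account to the first time its recipient total within a
    sliding window exceeded max_recipients. Assumes time-ordered input."""
    recent = defaultdict(deque)   # account -> deque of (timestamp, recipients)
    totals = defaultdict(int)     # account -> recipients currently in window
    flagged = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, account, count = event
        q = recent[account]
        q.append((ts, count))
        totals[account] += count
        # Expire events older than the window so slow, normal use never adds up.
        while q and ts - q[0][0] > window:
            totals[account] -= q.popleft()[1]
        if totals[account] > max_recipients and account not in flagged:
            flagged[account] = ts
    return flagged

if __name__ == "__main__":
    for account, when in find_bulk_senders(SAMPLE_LOG).items():
        print(f"{account} exceeded the recipient threshold at {when.isoformat()}")
```

Counting recipients rather than messages catches a hijacked account that sends a few messages with very large recipient lists, and the sliding window keeps a user's normal mail spread across the day from accumulating into a false alert.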
