Educause Security Discussion mailing list archives
Re: .edu email phishing
From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Wed, 2 Apr 2008 08:17:38 -0500
I believe Yahoo has set up some sort of filter against the nodak domain as well. I've had reports of users not receiving .edu email to their yahoo accounts. Theresa Semmens, CISA NDSU IT Security Officer PO Box 5164 North Dakota State University Fargo, ND Phone: 701-231-5870 FAX: 701-231-8541 Theresa.Semmens () ndsu edu "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dick Jacobson Sent: Wednesday, April 02, 2008 7:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] .edu email phishing On Tue, 1 Apr 2008, Jimmy Kuo wrote: We are seeing several of these in North Dakota. It has been going on since mid-February and a few people have bitten on this. (There may also be some simple passwords and cracking going on.) If the gentleman from Verizon has any thoughts about how to coordinate some of this, I would be interested .. since Verizon is one of the ISPs blocking some of our domains. ;-)
Are you (general/educause) pretty well set up with takedown requests for these email accounts at the various ISPs? If not, I encourage you as a
group
to set something up. (I can only offer a little bit of help as my specialty is in another area
of
security (antimalware). I only have a few contacts.) Jimmy jkuo () microsoft com ----- Original Message ----- From: "Winders, Timothy A" <twinders () southplainscollege edu> To: "Jimmy Kuo" <cjkuo () verizon net>; <security () listserv educause edu> Sent: Tuesday, April 01, 2008 11:57 AM Subject: RE: [SECURITY] .edu email phishing I had one user yesterday report receiving a message similar to this, but I
have personally not seen it. Searching through our barracuda, I don't have anything from ask.helpdesk, nothing with the subject ending with "email account now." Ha! Just found one with "UPDATE YOUR EMAIL ACCOUNT" in the subject from "educationalwebmaster75 () yahoo com" routed through uoregon.edu, 128.223.142.41. Anyone from uoregon on this list? Tim Winders | Associate Dean of Information Technology | South Plains
College
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jimmy Kuo Sent: Tuesday, April 01, 2008 1:47 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] .edu email phishing Was this a directed (against caltech.edu) attack or was this one of a family sent to other .edu lists? Has anyone seen one like this for their school? The return address was actually set up for: ask.helpdesk0 () gmail com Jimmy----- Original Message ----- From: "ADMIN HELPDESK" <helpdesk () caltech edu> To: <undisclosed-recipients:> Sent: Monday, March 31, 2008 12:39 PM Subject: VERIFY YOUR CALTECH.EDU EMAIL ACCOUNT NOW. Dear caltech.edu Email Account Owner, This message is from caltech.edu messaging center to all caltech.edu email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused caltech.edu email accounts tocreatemore space for new accounts. To prevent your account from being closed, you will have to updateitbelow so that we will know that it's a present used account. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : .......... ..... EMAIL Password : ................ Date of Birth : ................. Country or Territory : .......... Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her accountpermanently.Thank you for using caltech.edu Warning Code:VX2G99AAJ caltech.edu Team www.caltech.edu Dear caltech.edu Email Account Owner, This message is from caltech.edu messaging center to all caltech.edu email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused caltech.edu email accounts tocreatemore space for new accounts. To prevent your account from being closed, you will have to updateitbelow so that we will know that it's a present used account. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : .......... ..... EMAIL Password : ................ Date of Birth : ................. Country or Territory : .......... Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her accountpermanently.Thank you for using caltech.edu Warning Code:VX2G99AAJ caltech.edu Team www.caltech.edu
----------------------------------------------------------------------- Dick Jacobson e-mail : Dick.Jacobson () ndus NoDak edu NDUS IT Security Officer office : IACC 206, NDSU ND HECN MultiUser Host SysAd phone : 701-231-7385 -----------------------------------------------------------------------
Current thread:
- Re: .edu email phishing, (continued)
- Re: .edu email phishing Joe St Sauver (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Winders, Timothy A (Apr 01)
- Re: .edu email phishing Kees Leune (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Brewer, Alex D (Apr 01)
- Re: .edu email phishing Lesli Sagan (Apr 01)
- Re: .edu email phishing Michael Behun (Apr 01)
- Re: .edu email phishing Zach Jansen (Apr 01)
- Re: .edu email phishing Dick Jacobson (Apr 02)
- Re: .edu email phishing Theresa Semmens (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Christopher Webber (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Dave Koontz (Apr 02)
- Re: .edu email phishing Jeffrey I. Schiller (Apr 02)
- Re: .edu email phishing Mike Iglesias (Apr 02)
(Thread continues...)