Re: FYI: Another round of spear Phishing

[ram smith <ram.smith () SCU EDU AU>]

We got hit by a similiar attack yesterday too.

Sender: kbrunsch () cogeco ca
From: Admin <physics.maths () live com>

---
Dear valued customer,

We are currently performing maintenance for our Digital Webmail
Customers. We intend upgrading our Digital Webmail
Security Server for better online services.

In order to ensure you do not experience service interruption,Please you
must reply to this email immediately and enter
your
First Name:............
Last Name:...................
scu.edu.au Username :(...............) ...............
scu.edu.au Password :(.................)................
Check out your new features and enhancements with your new
and improved scu.edu.au Account,To enable us upgrade your scu.edu.au
Account for better online services please reply to
this mail:  physics.maths () live com

Thank You For Using scu.edu.au Account
--

As far as phishing scams go this one was pretty silly.

We have received others that refer to the gender of our webmaster!
(female) and that actually bothered to spoof the from header to appear
to be from our helpdesk.

Cheers,

ram.


On Tue, 2008-06-17 at 14:57 -0400, Robin Polak wrote:
> We just got hit by this attack as well.  The reply-to address is set
> to center_up_grade () live com
>
> Dear mountsaintvincent.edu Email Owner,
>
> This message is from mountsaintvincent.edu messaging center to all
> mountsaintvincent.edu
> Email owners. We are currently upgrading our data base and
> e-mail center. We are deleting all unused mountsaintvincent.edu
> to create more space for new one.
>
> To prevent your account from closing you will have to update it
> below so that we will know that it's a present used account.
>
> CONFIRM YOUR EMAIL BELOW
> Email Username :.....
> EMAIL Password : ................
> Date of Birth : .................
> Country or Territory : ..........
>
> Warning!!! Email owner that refuses to update his or her
> Email,within Seven days of receiving this warning will lose his or her
> Email permanently.
>
> Thanks,
> mountsaintvincent.edu Team
> MOUNTSAINTVINCENT BETA.
>
>
>
>
> ---------------------------------------------------------------------------
> 3webXS HiSpeed Dial-up...surf up to 5x faster than regular dial-up
> alone...
> just $14.90/mo...visit www.get3web.com for details
>
> On Thu, Jun 12, 2008 at 6:46 PM, Paul Russell <prussell () nd edu> wrote:
> > On 6/12/2008 10:32 AM, Zach Jansen wrote:
> > > Clyde,
> > > I think a few of us share your pain. Search the archives for some
> good
> > > suggestions, the topic has come up a couple times this year.
> >
> > This is an ongoing topic of conversation on the hied-emailadmin
> list.
> > Participants are sharing information about sender and reply-to
> addresses
> > seen at their sites.  You can review the list archives and subscribe
> to
> > the list at <http://listserv.nd.edu/archives/hied-emailadmin.html>.
> >
> > --
> > Paul Russell, Senior Systems Administrator
> > OIT Messaging Services Team
> > University of Notre Dame
> > prussell () nd edu
>
>
>
> --
> Robin Polak
> E-Mail: robin.polak () gmail com
> V. 917-494-2080
--
Ram Smith
Unix System Administrator
IT&TS, Southern Cross University, Lismore, NSW, Australia
Email: ram.smith () scu edu au Ph.: +61 2 6620 3337 Fax: +61 2 6620 3033