Re: FYI: Another round of spear Phishing

[Joel Rosenblatt <joel () COLUMBIA EDU>]

We have seen them do this on Exchange though.  Mostly we see webmail also.  We have seen lots of other types of spam 
then 419 - usually, they will sacrifice a
few of the first passwords to send as many phishes out as they can - they reserve most for later income producing use.  
We have seen them start to use an ID
within an 30 minutes of the genius sending them the password.

Joel Rosenblatt

--On Wednesday, July 02, 2008 10:06 AM -0700 "J. Fowler" <fowler () CSUFRESNO EDU> wrote:

> Gasper, Rick wrote:
> > I want to ask a rather simple question: if a spear phisher gets the account info, does it really matter if they use 
> > Imap or pop to connect?
> We are not witnessing them reading user email. They only seem interested in sending mass amounts of 419 scams through 
> smtp via webmail. They seem to prefer
> webmail because it offers features like mail forwarding and signature file customization. I'm not sure we've ever seen 
> a connection via pop or imap.



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel