Educause Security Discussion mailing list archives
Re: Phishing Attacks version 2
From: "David L. Wasley" <dlwasley () EARTHLINK NET>
Date: Thu, 3 Jul 2008 10:16:19 -0700
Historical note: this sounds like a modern variant of a very old attack. Back in the time sharing era, a malevolent user could write a program that emulated the system login screen and leave it running on a vacant terminal. A naive user would try to log in, get an error message, and then the real login screen would appear. Meanwhile their userid/password was emailed to the perpetrator in the background. In the modern case, the perpetrator should redirect the victim to the real webmail page after capturing his/her credential.

David (old guy ;-))

-----

At 11:27 AM -0400 on 7/3/08, Zach Jansen wrote:

Well this had to come eventually, but just in case others haven't seen this...

One of my users received a phishing attack that offered a link to our webmail page and insisted that the user needed to login to secure their account instead of asking for the password by reply. The link actually goes to an exact copy of our webmail login page and records the username and password of whoever visits the site. I've also seen HTML forms embedded directly in the email that do more or less the same thing.

Zach

--
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550
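A mail-filter check for the two lures described in this thread (a link whose visible text shows the real webmail address while the href goes elsewhere, and an HTML form embedded in the message itself), as an added example that is not part of the original posts. The host names, `TRUSTED_HOSTS`, `LureScanner`, `scan_message` and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"webmail.example.edu"}  # assumption: the site's real webmail host

class LureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.findings.append(("embedded_form", a.get("action") or ""))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.findings.append(("password_field", a.get("name") or ""))
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlparse(self._href).hostname or "").lower()
            shown = "".join(self._text).lower()
            # Visible text names the trusted host, but the href goes elsewhere.
            if host not in TRUSTED_HOSTS and any(t in shown for t in TRUSTED_HOSTS):
                self.findings.append(("link_text_mismatch", host))
            self._href = None

def scan_message(raw):
    # Scan every text/html part of a raw RFC 5322 message and return the findings.
    scanner = LureScanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            scanner.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return scanner.findings

# Constructed sample message (hosts are placeholders, not taken from the thread).
SAMPLE = """From: helpdesk@example.edu
Subject: Secure your account
Content-Type: text/html; charset=utf-8

<p>Log in: <a href="http://login.example.net/webmail/">https://webmail.example.edu/</a></p>
<form action="http://login.example.net/collect">
<input type="text" name="user"><input type="password" name="pass"></form>
"""
```

Any finding is a reason to quarantine or tag the message for review; legitimate mail rarely carries a password field in its body.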