Educause Security Discussion mailing list archives

Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers.


From: Robert Meyers <REMeyers () MAIL WVU EDU>
Date: Wed, 4 Sep 2013 13:27:18 +0000

After receiving a phishing attack I went to jimdo.com's home page and started a chat with their support group. 
Literally within seconds they took down the phishing page at my request. While it could take all day tracking down 
every phishing page that shows up, it was gratifying to have them respond so quickly to my request.

Bob Meyers
WVU Information Security Services

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Michael J 
Clouse <clousemj () COFC EDU>
Sent: Tuesday, September 03, 2013 10:13 AM
To: The EDUCAUSE Security Constituent Group Listserv; Robert Meyers
Subject: Re: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers.

I have created blocks/quarantines in my email gateways for any content with these domains (AND) special words like 
webmail, quota, or administrator.  The quarantine has been very successful blocking all these phishing forms except for 
a few in other languages.  The only ones I am seeing now are from hacked websites.
________________________________
Michael Clouse
Security, Identity & Access Management, IT
843-953-8207 or clousemj () cofc edu
College of Charleston
Protect your Identity - Learn about Phishing! <http://it.cofc.edu/security/phishing/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Friday, August 30, 2013 10:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers.

My overnight collection of new phishing links has put jimdo(.)com well ahead of webs(.)com as the host of choice for 
phish links today.  Here's my overnight list:

I have reported all of them to their respective services.  Webs(.)com is getting real good about acting on abuse 
reports quickly - often within a few minutes.

Our whole list of known web form hosting services used by phishers can be found at:
https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/

I have crippled all the hostnames so that our mail filter doesn't go crazy when it sees this message come back from the 
SECURITY list.   ;-)

Bob Bayn    SER 301    (435)797-2396       IT Security Team
Office of Information Technology,     Utah State University
     three common hazardous email scams to watch out for:
     1) unfamiliar transaction report from familiar business
     2) attachment with no explanation in message body
     3) "phishing" for your email password
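
An added example (not code from anyone in this thread): a Python sketch of the gateway rule Michael Clouse describes, a form-hosting domain AND a keyword, which also shows why the defanged `(.)` hostnames in Bob Bayn's report pass through such a filter. The host list is limited to the three services named in the thread, the function names are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumption: only the three services named in the thread; a real gateway
# would load the full form-services list.
FORM_HOSTS = ("jimdo.com", "webs.com", "yolasite.com")
# Keywords quoted in the thread.
KEYWORDS = ("webmail", "quota", "administrator")

# Match the bare service domain or any subdomain of it, but not look-alikes
# such as "notwebs.com" or "foo-webs.com".
HOST_RE = re.compile(
    r"(?<![a-z0-9-])(?:[a-z0-9-]+\.)*(?:%s)(?![\w-])"
    % "|".join(re.escape(h) for h in FORM_HOSTS),
    re.I,
)

def body_text(msg):
    """Concatenate every text/plain part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def evaluate(raw_message):
    """Return (action, hosts, keywords); quarantine only when both are present."""
    msg = message_from_string(raw_message)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hosts = sorted({m.group(0).lower() for m in HOST_RE.finditer(text)})
    words = sorted(k for k in KEYWORDS if re.search(r"\b%s\b" % k, text, re.I))
    return ("quarantine" if hosts and words else "deliver"), hosts, words

# Constructed sample messages (not real mail, not real phishing hostnames).
PHISH = ("Subject: Mailbox quota exceeded\n\n"
         "Your webmail quota is full. Validate here: "
         "http://constructed-example.jimdo.com/\n")
DEFANGED_REPORT = ("Subject: new phish form\n\n"
                   "constructed-example.jimdo(.)com asks for the webmail password\n")
BENIGN = ("Subject: club page\n\n"
          "Our page moved to constructed-club.webs.com, see you Friday.\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("defanged", DEFANGED_REPORT), ("benign", BENIGN)):
        print(name, evaluate(raw))
```

The defanged report is delivered because no live hostname matches, and the benign message is delivered because a hosting domain alone, without a keyword, does not trigger the rule.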

