Educause Security Discussion mailing list archives
Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers.
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 4 Sep 2013 18:19:35 +0000
Our three common ones are Jimdo, Webs, and Yola. They're all pretty quick to take down sites, IMHO. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Meyers Sent: Wednesday, September 4, 2013 8:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. ***** Note from Northwestern University Information Technology (NUIT): This email contains text that has been found in scam messages. We are not suggesting this is a scam, but are asking that you be cautious when replying or clicking any links. If you have concerns or questions please contact your local tech support or security () northwestern edu<mailto:security () northwestern edu>. ***** After receiving a phishing attack I went to jimdo.com's home page and started a chat with their support group. Literally within seconds they took down the phishing page at my request. While it could take all day tracking down every phishing page that shows up, it was gratifying to have them respond so quickly to my request. Bob Meyers WVU Information Security Services ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Michael J Clouse <clousemj () COFC EDU<mailto:clousemj () COFC EDU>> Sent: Tuesday, September 03, 2013 10:13 AM To: The EDUCAUSE Security Constituent Group Listserv; Robert Meyers Subject: Re: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. I have created blocks/quarantines in my email gateways for any content with these domains (AND) special words like webmail, quota, or administrator. The quarantine has been very successful blocking all these phishing forms except for a few in other languages. The only ones I am seeing now are from hacked websites. [Description: Description: Description: Description: Description: WM - PMS188] ________________________________ Michael Clouse Security, Identity & Access Management, IT 843-953-8207 or clousemj () cofc edu<mailto:clousemj () cofc edu> College of Charleston Protect your Identity - Learn about Phishing !<http://it.cofc.edu/security/phishing/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Friday, August 30, 2013 10:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. My overnight collection of new phishing links has put jimdo(.)com well ahead of webs(.)com as the host of choice for phish links today. Here's my overnight list: upgreadeyourmailbox.jimdo(.)com dearuserupgreade.jimdo(.)com email-reactivitionlinkaccess.jimdo(.)com itsaccountvalidationprocess.jimdo(.)com routineformaintenance.jimdo(.)com web-adstrator.jimdo(.)com mailboxaccessweb.jimdo(.)com wbactieve.jimdo(.)com staffloginitsupportupgrade2013.jimdo(.)com dutchwebpage.webs(.)com gameonefor.webs(.)com e-mailusers.webs(.)com webcleanup.webs(.)com staffstudentfacaultymailboxcleanup.webs(.)com faculty-staff111.yolasite(.)com verificatinform.yolasite(.)com I have reported all of them to their respective services. Webs(.)com is getting real good about acting on abuse reports quickly - often within a few minutes. Our whole list of known web form hosting services used by phishers can be found at: https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/ I have crippled all the hostnames so that our mail filter doesn't go crazy when it sees this message come back from the SECURITY list. ;-) Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University three common hazardous email scams to watch out for: 1) unfamiliar transaction report from familiar business 2) attachment with no explanation in message body 3) "phishing" for your email password
Current thread:
- jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Bob Bayn (Aug 30)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Roger A Safian (Aug 30)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Clouse, Michael J (Sep 03)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Robert Meyers (Sep 04)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Roger A Safian (Sep 04)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Greg Williams (Sep 09)
- Re: jimdo(.)com surges ahead of webs(.)com as a favorite of phishers. Robert Meyers (Sep 04)