Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT

[Matthew Black <black () csulb edu>]

On Sat, 24 May 2008 17:14:33 +0100
 Graeme Fowler <graeme () graemef net> wrote:
> On Sat, 2008-05-24 at 17:02 +0200, Peter Dambier wrote:
> > I dont trust it:
>
> Quite right too, it's a spear-phishing attack. This is currently an
> almost daily occurrence for .edu domains.
>
> The compromised accounts are frequently abused via webmail systems,
> being used to send out more scams.
>
> The scammers responsible are also targeting UK higher ed institutions,
> with a limited degree of success. I can't really speak for my US
> counterparts with regards the success of the attacks, but one would
> surmise that it's more or less the same. To paraphrase badly:
>
> All users are gullible, but some are more gullible than others.
>
> -g


As a US EDU, I can attest to the fact that a handful of
our webmail accounts have been compromised and subsequently
used to send out these types of phishing attacks. We never
figured out how the accounts were compromised. I suspect
users with hand-held devices are being snooped when they
use IMAP. Our webmail is SSL, but not IMAP.

Most of the spammers' messages appear as though someone
is manually using their cut & paste to generate the spam,
not anything automated (based on the rate messages go out.
Seems rather tedious.


matthew black
e-mail postmaster
network services
california state university, long beach