nanog mailing list archives

Re: phishing attacks against ISPs (also with Google translations)


From: William Allen Simpson <william.allen.simpson () gmail com>
Date: Wed, 25 Mar 2009 14:16:14 -0400

Gadi Evron wrote:
> The guy mentioned the concept of sending warning emails to customers to begin with. His opinion is that it is a mistake, and only causes confusion. On top of that it raises support desk costs as people call in for explanation, as well as to report new fraudulent emails they see while in the past they mostly just ignored them.

The earliest warning email we sent out to customers was:

# Date: Mon, 11 Aug 2003 15:34:43 -0500
# Subject: New Virus Warning
#...
# There is a new virus spreading around the internet. It has a subject like
# "your account" and it has the following text in it:
#
# > I would like to inform you about important information regarding your
# > email address. This email address will be expiring.
# > Please read attachment for details.
#...

I don't remember an uptick in support calls after that message, but there
were plenty of calls about the phish message itself, so we hoped that
sending a warning to everybody would reduce the problems.

We'd had a user taken over, and then the account was used for so much spam
that the bounce messages totally filled the incoming mail (filter) server.


> I appreciate your feedback, I had no idea ISP phishing goes all the way back to 2003..

Ha!  Goes back much farther than that!  The earliest I have at my
fingertips (saved email on this laptop only goes back to 1999):

# DATE: 27 Dec 00 7:43:14 PM
# SUBJECT: re: your account
#
That was a web phish at hxxp://vaginaonline.com/a.usertrack2781.75/5/

And they were obviously tracking exactly which users responded!

You'd think our customers would notice that domain wasn't us. ;-)

But even today, it's a security problem that users don't notice the URL
they're clicking, or pay attention to security warnings less subtle than
a big gray popup dialog box....


> although dictionary attacks may not be best defined that way. Definition discussions are boring though.

I meant that they tried every word in the dictionary for user names, maybe
every combination of letters and numbers.

Anyway, I was wrong about the most recent one that I'd saved.  Who could
forget the especially virulent (976 Google hits):

# Date: Tue, 16 Mar 2004 10:59:13 +0100
# Subject: Important notify about your e-mail account.

Anyway, none of this helps you with researching non-English ISP phishing.
But it shows that this isn't a /new/ problem around here.

