[unisog] new University phishing kit

Joseph Brennan brennan at columbia.edu
Thu Jan 31 19:41:28 GMT 2008


There seem to be two kinds.

Purdue.edu got the first kind on Monday, as I can see from our users
reporting forwarded mail to us.  These were sent from Purdue's own
web mail system, IMP, which may have evaded filtering.  The envelope
sender and the header From were the purdue.edu account that was
used to send, although the header From had the name changed to be
EDU ACCOUNT UPGRADE TEAM.  The subject was VERIFY YOUR EMAIL ACCOUNT
NOW.  The recipient is asked to reply giving address, password, date
of birth, and country.  Is the date of birth requested so that the
spammer can call in and have the account reactivated?

We were sent just a few of the other kind yesterday, most of them
to unknown recipients.  The one that was reported is from a dot-com
I never heard of.  Envelope sender was nobody@ the dot-com (a web
mail service account?), header From was "wisc.edu" <support at wisc.edu>,
and Reply-to was wischelpdesk at yahoo.com -- a little strange since it
was addressed to a user @columbia.edu (and it was sent direct from
the origin to columbia.edu).  The subject is "Confirm Your E-mail
Address".  This text says "Whilst we have found the vulnerability"
(whilst!), and asks only for the password.  SpamAssassin score 0
for this one... pretty nice work.

Joseph Brennan
Columbia University Information Technology
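
Added example, not part of the original post: a header-consistency check that flags the mismatches described for the two kinds of message. The role-word list, the indicator names, the sample bodies, the jdoe mailbox and example.com (standing in for the unnamed dot-com) are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative role words, not a complete list.
ROLE_WORDS = {"TEAM", "SUPPORT", "HELPDESK", "UPGRADE"}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def indicators(raw, envelope_from, rcpt_domain):
    """Return the set of header/body mismatches found in one message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    local, from_dom = from_addr.partition("@")[0], domain(from_addr)
    asks_password = "password" in msg.get_payload().lower()
    hits = set()
    if domain(envelope_from) != from_dom:
        hits.add("envelope_from_mismatch")
    if reply_addr and domain(reply_addr) != from_dom:
        hits.add("reply_to_mismatch")
    if asks_password:
        hits.add("password_request")
        if from_dom != rcpt_domain.lower():
            hits.add("foreign_institution")
    # Personal mailbox presenting itself under a role-style display name.
    if ROLE_WORDS & set(name.upper().split()) and not any(
            w in local.upper() for w in ROLE_WORDS):
        hits.add("role_display_name")
    return hits

# Constructed samples modelled on the two kinds described in the post.
KIND_1 = (
    'From: "EDU ACCOUNT UPGRADE TEAM" <jdoe@purdue.edu>\n'
    "Subject: VERIFY YOUR EMAIL ACCOUNT NOW\n"
    "\n"
    "Reply with your address, password, date of birth, and country.\n"
)
KIND_2 = (
    'From: "wisc.edu" <support@wisc.edu>\n'
    "Reply-To: wischelpdesk@yahoo.com\n"
    "Subject: Confirm Your E-mail Address\n"
    "\n"
    "Whilst we have found the vulnerability, send us your password.\n"
)

if __name__ == "__main__":
    print(sorted(indicators(KIND_1, "jdoe@purdue.edu", "purdue.edu")))
    print(sorted(indicators(KIND_2, "nobody@example.com", "columbia.edu")))
```

The first kind trips only the display-name and password checks because it is sent from a real account on the institution's own system, which is why header-mismatch rules alone would miss it.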


