[unisog] Phishing targeting University Admissions

Martin Sapsed m.sapsed at bangor.ac.uk
Mon Jun 21 13:49:29 GMT 2004


(Sorry this is a bit late - been away)

Eric Pancer wrote:
> Sergent, Phil wrote on Mon, 2004-06-14 at 11:21:27 -0400...
> 
>>You still accept .zip files!?
> 
> We do, as well. It seems to me that not accepting files with
> extensions is merely a horrible work around. What happens when a new
> virus comes out that names the attachment as foo.fi_ and tells the
> user to save the attachment as foo.zip, then open it? 

Is anyone else as surprised as me that our "customers" are willing to 
save attached zip files and then unzip them using the password supplied 
in the e-mail? Or the likelihood suggested above of renaming a mangled 
extension to the right one?

Any bets on the chance of our "customers" being able to do either if we 
*wanted* them to???

Cheers,

Martin

-- 
Martin Sapsed				
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth




More information about the unisog mailing list