[unisog] phishing attack against email credentials at auckland.ac.nz

Russell Fulton r.fulton at auckland.ac.nz
Mon Jun 6 22:00:25 GMT 2005


FYI -- starting about an hour ago we are being flooded with phishing
emails directed at our email creds. Many users have received multiple
emails with instructions to verify their credentials at
"www.auckland.ac.nz", which is actually (in my case)
http://209.67.220.164/confirm.php?email=r.fulton@auckland.ac.nz. Almost
all connection attempts (mostly from concerned IT support staff) bounced,
but one user got through twice????? And what is even odder is that others
got bounced between the two attempts. (By bounced I mean that the
connection timed out -- i.e. no response to the SYN.)

I've blocked traffic to the address on the firewall now.

I've appended a copy of variants, one of which was routed through
MessageLabs (yes, the headers confirm this).

Cheers, Russell
-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand
  

From: service at auckland.ac.nz
To: r.fulton at auckland.ac.nz
Subject: *IMPORTANT* Please Confirm Your Account
Date: Mon, 6 Jun 2005 16:03:46 -0500 (Tue, 09:03 NZST)


Dear Valued Member, 

According to our site policy you will have to confirm your account by
the following link or else your account will be suspended within 24
hours for security reasons.

http://www.auckland.ac.nz/confirm.php?email=r.fulton@auckland.ac.nz

Thank you for your attention to this question. We apologize for any
inconvenience.

Sincerely,Auckland Security Department Assistant.


From: service at auckland.ac.nz
To: r.fulton at auckland.ac.nz
Subject: Important Notification
Date: Mon, 6 Jun 2005 13:14:02 -0800 (Tue, 09:14 NZST)


Dear Valued Member, 

According to our site policy you will have to confirm your account by
the following link or else your account will be suspended within 24
hours for security reasons.

http://www.auckland.ac.nz/confirm.php?email=r.fulton@auckland.ac.nz

Thank you for your attention to this question. We apologize for any
inconvenience.

Sincerely,Auckland Security Department Assistant.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________