[unisog] phishing attack against email credentials at auckland.ac.nz

Peter Van Epp vanepp at sfu.ca
Mon Jun 6 22:45:37 GMT 2005


On Tue, Jun 07, 2005 at 10:00:25AM +1200, Russell Fulton wrote:
>  FYI -- starting about an hour ago we are being flooding with phishing
> emails directed at our email creds many users have received multiple
> emails with instruction to verify their credentials at
> "www.auckland.ac.nz" which is actually (in my case)
> http://209.67.220.164/confirm.php?email=r.fulton@auckland.ac.nz almost
> all connection attempts (mostly from concerned IT support staff) bounced
> but one user got through twice?????  and what is even odder that others
> got bounced between the two attempts.  (by bounced I mean that the
> connection timed out -- i.e. no response to the SYN).
> 
> I've blocked traffic to the address on the firewall now.
> 
> I've appended a copy of variants. One of which was routed through
> messagelabs (yes the headers confirm this).
> 
> Cheers, Russell
> -- 
> Russell Fulton, Information Security Officer, The University of Auckland
> New Zealand
>   
> 

	Us too (in the form of me, nice of them to send it to the person most 
able to do something useful with it first :-)), same IP. So far only a couple 
of other people this way have tried to get there (many less than I expected :-))
according to argus, and all after I blocked it. I did give the listed abuse
address for this site a heads up earlier this morning (only an automated reply
so far though). No other reports from anyone local so I didn't think to send
an alert.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


More information about the unisog mailing list