[unisog] phishing attack against email credentials at auckland.ac.nz
seth at net.ohio-state.edu
Mon Jun 6 23:00:03 GMT 2005
On Jun 6, 2005, at 6:45 PM, Peter Van Epp wrote:
> On Tue, Jun 07, 2005 at 10:00:25AM +1200, Russell Fulton wrote:
>> FYI -- starting about an hour ago we are being flooded with
>> emails directed at our email creds; many users have received multiple
>> emails with instruction to verify their credentials at
>> "www.auckland.ac.nz" which is actually (in my case)
>> all connection attempts (mostly from concerned IT support staff)
>> but one user got through twice????? and what is even odder that
>> got bounced between the two attempts. (by bounced I mean that the
>> connection timed out -- i.e. no response to the SYN).
> Us too (in the form of me, nice of them to send it to the person most
> able to do something useful with it first :-)), same IP. So far only a
> couple of other people this way have tried to get there (many less than
> I expected :-)) according to argus, and all after I blocked it. I did
> give the listed abuse address for this site a heads up earlier this
> morning (only an automated reply so far though). No other reports from
> anyone local so I didn't think to send an alert.
I've grabbed some more copies of the email, and we're actually seeing
184.108.40.206 in addition to 220.127.116.11. Anyone attempting to
block this at their border may want to add that IP address as well.
It also turns out that this doesn't seem to be a phishing attack.
When I connected to the URL on 18.104.22.168 I was sent a window