[unisog] phishing attack against email credentials at auckland.ac.nz

Ken Connelly Ken.Connelly at uni.edu
Tue Jun 7 02:02:20 GMT 2005

Is there a consistent envelope-from address on these, or are they coming 
from all over via infected machines?

- ken

Russell Fulton wrote:

> FYI -- starting about an hour ago we are being flooded with phishing
>emails directed at our email creds; many users have received multiple
>emails with instructions to verify their credentials at
>"www.auckland.ac.nz" which is actually (in my case)
> almost
>all connection attempts (mostly from concerned IT support staff) bounced,
>but one user got through twice????? And what is even odder is that others
>got bounced between the two attempts. (By bounced I mean that the
>connection timed out -- i.e. no response to the SYN.)
>I've blocked traffic to the address on the firewall now.
>I've appended a copy of variants. One of which was routed through
>messagelabs (yes the headers confirm this).
>Cheers, Russell