[unisog] new University phishing kit

Tim Gurganus tsgurgan at ncsu.edu
Thu Jan 31 17:47:29 GMT 2008


    Yesterday, our domain, ncsu.edu, and Duke were hit with a new phishing 
attack that is hitting other universities today.  Phishers create 
accounts on yahoo.com, live.com or hotmail.com to receive phished 
information.  Where possible, the account name has the name of the 
targeted .edu in the name, like ncsuhelpdesk at yahoo.com, in our case.  
The tailored messages go to all the email addresses they have, over 
2300, in our case.  The message doesn't have grammar errors, supposedly 
comes from the support team for the targeted school and tells the user 
to send their username and password to the phishers.  The From address 
will be something like support at ncsu.edu, but the Reply-to address will 
be the yahoo, live or hotmail account.  The message body says that 
changes are being made to the email system and that they need to verify 
their account by sending their login information.  The subject of the 
message will be something like:  Confirm your email address

    Any phished accounts are used to send lottery spam or more phishing 
emails.  I know there are messages going to vanderbilt.edu and others 
today.  They used one of our phish accounts to send some before we could 
stop it.  We have responded to this by sending email to all our staff 
and faculty to let them know the emails are a scam and that IT will 
never ask them for their password.  If you haven't been hit by this 
attack yet, you may want to post a warning somewhere or broadcast a 
message depending on your policy for broadcasts.  We also programmed our 
mail relays not to deliver any more messages to the phishers' email 
accounts.  These phishers have scripts for using SquirrelMail to send 
spam.  If anyone wants a sample email from this attack, let me know off 
list.  It might be useful for user training.  We get hit with phishing 
attacks for PayPal, Hotmail, eBay, etc. all the time.  This is the first 
big one that targeted our domain and phished for email account passwords.

Tim Gurganus
IT Security Officer
NC State University
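
The header pattern described in the message above (a From address in the school's own domain, a Reply-To at yahoo.com, live.com or hotmail.com, and the school's name inside the webmail account name) can be checked mechanically. The following is an added example, not part of the original post: the domain example.edu, the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

FREEMAIL_DOMAINS = {"yahoo.com", "live.com", "hotmail.com"}  # providers named in the post


def split_addr(addr):
    """Return (local part, domain), lower-cased; ('', '') if not an address."""
    local, sep, domain = addr.rpartition("@")
    return (local.lower(), domain.lower()) if sep else ("", "")


def check_message(raw, org_domain):
    """Return the reasons a raw RFC 5322 message matches the pattern, or []."""
    msg = message_from_string(raw)
    _, from_domain = split_addr(parseaddr(msg.get("From", ""))[1])
    internal = from_domain == org_domain or from_domain.endswith("." + org_domain)
    if not internal:
        return []
    org_label = org_domain.split(".")[0]  # "example" for example.edu (assumed naming)
    reasons = []
    # A Reply-To header may carry several addresses; check each one.
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        local, domain = split_addr(addr)
        if domain in FREEMAIL_DOMAINS:
            reasons.append("internal From, free-webmail Reply-To: " + addr.lower())
            if org_label in local:
                reasons.append("Reply-To account name contains '%s'" % org_label)
    return reasons


# Constructed sample messages (not taken from the attack described above).
PHISH = (
    "From: Support Team <support@example.edu>\n"
    "Reply-To: examplehelpdesk@yahoo.com\n"
    "Subject: Confirm your email address\n\n"
    "Please reply with your username and password.\n"
)
LEGIT = (
    "From: Help Desk <help@example.edu>\n"
    "Reply-To: help@example.edu\n"
    "Subject: Scheduled maintenance\n\n"
    "Mail will be unavailable Saturday 02:00-04:00.\n"
)
EXTERNAL = "From: someone@yahoo.com\nSubject: Hello\n\nNo Reply-To header here.\n"

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT), ("EXTERNAL", EXTERNAL)):
        print(name, check_message(raw, "example.edu"))
```

A check like this suits a mail relay filter or a log review of inbound mail; the same Reply-To addresses it surfaces are the ones to block for outbound delivery.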

