[unisog] new University phishing kit
Tim Gurganus
tsgurgan at ncsu.edu
Thu Jan 31 17:47:29 GMT 2008
Yesterday, our domain, ncsu.edu and Duke was hit with a new phishing
attack that is hitting other universities today. Phishers create
accounts on yahoo.com, live.com or hotmail.com to receive phished
information. Where possible, the account name has the name of the
targeted .edu in the name, like ncsuhelpdesk at yahoo.com, in our case.
The tailored messages go to all the email addresses they have, over
2300, in our case. The message doesn't have grammar errors, supposedly
comes from the support team for the targeted school and tells the user
to send their username and password to the phishers. The From address
will be something like support at ncsu.edu, but the Reply-to address will
be the yahoo, live or hotmail acccount. The message body says that
changes are being made to the email system and that they need to verify
there account by sending their login information. The subject of the
message will be something like: Confirm your email address
Any phished accounts are used to send lottery spam or more phishing
emails. I know there are messages going to vanderbilt.edu and others
today. They used one of our phish accounts to send some before we could
stop it. We have responded to this by sending email to all our staff
and faculty to let them know the emails are a scam and that IT will
never ask them for their password. If you haven't been hit by this
attack yet, you may want to post a warning somewhere or broadcast a
message depending on your policy for broadcasts. We also programmed our
mail relays not to deliver anymore messages to the phishers email
accounts. These phishers have scripts for using Squirrel mail to send
spam. If anyone wants a sample email from this attack, let me know off
list. It might be useful for user training. We get hit with phishing
attacks for PayPal, Hotmail, eBay,etc all the time. This is the first
big one that targeted our domain and phished for email account passwords.
Tim Gurganus
IT Security Officer
NC State University
More information about the unisog
mailing list