MIT e-mail phish attempt
Dennis Davis
D.H.Davis at bath.ac.uk
Tue Feb 10 04:13:44 EST 2009
On Mon, 9 Feb 2009, Will Fiveash wrote:
> From: Will Fiveash <William.Fiveash at sun.com>
> To: Tom Yu <tlyu at mit.edu>, Ken Raeburn <raeburn at mit.edu>
> Cc: MIT Kerberos Dev List <krbdev at mit.edu>,
> MIT Kerberos List <kerberos at mit.edu>
> Date: Mon, 9 Feb 2009 22:37:36 -0600
> Subject: MIT e-mail phish attempt
>
> Just got the attached e-mail (which I bzip2ed) that contained:
>
> Date: Mon, 09 Feb 2009 23:23:12 -0500 (EST)
> From: MIT Support Team <supportteam at MIT.EDU>
> Subject:
> To: undisclosed-recipients: ;
>
> Dear mit.edu User,
>
> Your email account has been used to send numerous Spam mails recently from
> a foreign IP. As a result, the mit.edu has received advice to suspend your
> account. However, you might not be the one promoting this Spam, as your
> email account might have been compromised. To protect your account from
> sending spam mails, you are to confirm your true ownership of this account
> by providing your original username (*******) and PASSWORD (*******) as a
> reply to this message. On receipt of the requested information, the
> "mit.edu" web email support shall block your account from Spam.
>
> Failure to do this will violate the mit.edu email terms & conditions. This
> will render your account inactive.

This is a very common attack against usernames/passwords. We, and
others, are seeing a lot of these. Usually the Reply-To address is
set to a separate account used to capture account details from the
reply.

See:

http://code.google.com/p/anti-phishing-email-reply/

for a project which targets the Reply-To address. I also believe
the Sanesecurity anti-phishing signatures at:

http://www.sanesecurity.com/

will defend against some of these attacks.

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk Phone: +44 1225 386101
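
Added example, not part of the original message and not code from either project mentioned above: a mail-filter check for the pattern the reply describes, where a Reply-To address captures credentials sent back by the recipient. The Reply-To header in the sample, the blocklist entries and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the quoted phish. The Reply-To header and the
# blocklist entries are invented for illustration (example.* domains).
SAMPLE = """\
From: MIT Support Team <supportteam@mit.edu>
Reply-To: account-verify@mail.example.net
To: undisclosed-recipients: ;
Subject:

Dear mit.edu User,
you are to confirm your true ownership of this account by providing your
original username (*******) and PASSWORD (*******) as a reply to this message.
"""
BLOCKLIST = {"account-verify@mail.example.net", "webmail-upgrade@example.org"}
CRED_RE = re.compile(r"\b(password|passwd|username|user\s*id)\b", re.I)
REPLY_RE = re.compile(r"\breply", re.I)

def addrs(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.lower() for _, addr in pairs if "@" in addr}

def text_body(msg):
    """Concatenate decoded text/plain parts (handles base64/QP and multipart)."""
    out = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def score_message(raw, blocklist=BLOCKLIST):
    """Return the list of phishing indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    from_domains = {a.rsplit("@", 1)[1] for a in addrs(msg, "From")}
    reply_to = addrs(msg, "Reply-To")
    body = text_body(msg)
    findings = []
    if reply_to & blocklist:  # known capture address
        findings.append("reply-to-blocklisted")
    if any(a.rsplit("@", 1)[1] not in from_domains for a in reply_to):
        findings.append("reply-to-domain-mismatch")  # weak alone: lists do this too
    if CRED_RE.search(body) and REPLY_RE.search(body):
        findings.append("asks-for-credentials-by-reply")
    return findings
```

A domain mismatch on its own also fires on ordinary mailing-list traffic, so a filter would act on it only in combination with one of the other two indicators.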