[nsp-sec] Google: spear phish o the day

John Haskins jah at ucsc.edu
Sat Jul 12 13:29:51 EDT 2008 

UCSC has reports of several of these this morning:

   Reply-To: webmail.alert8 at gmail.com

Specimen below, sorry about the incomplete header.

thanks,
john haskins
UCSC

>X-Autogenerated: group
>X-UCSC-CATS-MailScanner: found to be clean
>X-UCSC-CATS-MailScanner-SpamCheck: not spam, spamassassin (score=0, required=5, autolearn=disabled, MISSING_HEADERS)
>X-UCSC-CATS-MailScanner-SpamScore:
>X-UCSC-CATS-MailScanner-From: <alert at ucsc.edu>
>X-UCSC-EDU-Sender: <alert at ucsc.edu>
>X-UCSC-EDU-Scanned-By: email-prod-mx-2.ucsc.edu
>X-UCSC-EDU-Submitted-Via: SMTP [210.212.206.67]
>X-UCSC-EDU-ClamAVCheck: not spam, ClamAV(signaure=none)
>X-UCSC-EDU-SpamCheck: No, score=0 required=5 tests=MISSING_HEADERS
>X-UCSC-EDU-SpamScore:
>X-UCSC-EDU-SpamFlag: NO
>X-UCSC-EDU-SpamReport: 0.0 MISSING_HEADERS        Missing To: header
>Date: Sat, 12 Jul 2008 17:40:40 +0530 (IST)
>Subject: This is a WebNews Email Account  Update Now!!!
>From: "alert at ucsc.edu" <alert at ucsc.edu>
>Reply-To: webmail.alert8 at gmail.com
>
>-----------------------------------------------------------------------
>                This is a WebNews Email Account  Update
>                  See the below mailing information
>
>-----------------------------------------------------------------------
>Update Your ucsc.edu Email Now.
>
>Dear ucsc.edu Email Owner,This message is from ucsc.edu messaging center
>to all ucsc.edu Email owners. We are currently upgrading
>our data base and e-mail center. We are deleting all unused ucsc.edu email
>to create more space for new one.To prevent your
>account from closing you will have to update it below so that we will know
>that it's a present used account.
>
>However ucsc.edu has been receiving complaints from our customers for
>unauthorised use of the ucsc.edu Email. As a result we are
>making an extra security check on all of our Customers mailbox in order to
>protect their information from theft and
>fraud.
>
>Warning!!! Email owner that refuses to update his or her Email,within
>4working days of receiving this warning will lose his
>or her Email permanently.
>
>Requested Information
>Your Full Name.......
>Email Username: ......
>Email Password: ......
>Date of Birth: .......
>Country or Territory:...
>
>Thanks for your co-operation.
>
>Copyright @2008 ucsc.edu. All rights reserved.

More information about the nsp-security mailing list