[nsp-sec] Yahoo phising account
Smith, Donald
Donald.Smith at qwest.com
Thu May 22 12:07:54 EDT 2008
Serge did your phishing look something like this:
> Dear User
>
> This mail is to notify all users that the site will be undergoing
> upgrade in a couple of days from now.
>
> Hence, as a user of our site, you are required to send us your email
> account details to enable us acknowledge account activeness
>
> Furthermore, be informed that we will be deleting all mail account
> that is not active so as to create more space for new users.
>
> Therefore you are advice to send us your mail account details As
> requested below
>
> *User name:.........
> *Password:..............
> *Date of birth:................
> *Security question:.............
> *Security answer:......................
>
> All users are advise to complete this update.
> Regards
>
> Mark Anderson
> Tech/Maintenance officer
We saw this related to universities starting about the beginning of the
year but it has moved to "targeting" ISPs now.
Notice they are not even personalizing the content just the from line is
"personalized".
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Serge Droz
> Sent: Thursday, May 22, 2008 10:02 AM
> To: nsp-security NSP
> Subject: [nsp-sec] Yahoo phising account
>
> ----------- nsp-security Confidential --------
>
> Hello Yahoo,
>
> we have a phishing attack here, requiring people to submit stuff to
>
> Reply-To: account.desk at y7mail.com
>
> Could someone from yahoo please suspend this account.
> We would be interested in the 'usernames' which have been compromised.
>
> Thanks for any help
>
> Serge
>
>
>
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Serge Droz, SWITCH-CERT
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> phone +41 44 268 15 63, fax +41 44 268 15 78
> serge.droz at switch.ch, http://www.switch.ch
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list