[nsp-sec] Phishing dropbox @googlemail.com

SURFcert - Peter p.g.m.peters at utwente.nl
Mon Feb 16 11:32:37 EST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SURFcert - Peter wrote on 16-2-2009 17:13:

> Could somebody kill helpdesk943 at googlemail.com? We are receiving
> phishing mail with that reply-to address.

This is a nasty run. They are using different numbers behind helpdesk.
At the moment we are also getting mail from helpdesk897 at googlemail.com.

And the mail seems to be send through Google. Please disable this user
of yours.

Headers:

Received: from mail.service.utwente.nl ([130.89.5.253]) by
exchange.service.utwente.nl with Microsoft SMTPSVC(6.0.3790.3959);
	 Mon, 16 Feb 2009 17:08:14 +0100
Received: from mx.utwente.nl ([130.89.2.14]) by mail.service.utwente.nl
with Microsoft SMTPSVC(6.0.3790.3959);
	 Mon, 16 Feb 2009 17:08:14 +0100
Received: from mail-gx0-f174.google.com (mail-gx0-f174.google.com
[209.85.217.174])
          by mx.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id
n1GG86IS001444;
          Mon, 16 Feb 2009 17:08:06 +0100
Received: by gxk22 with SMTP id 22so1337433gxk.12
        for <multiple recipients>; Mon, 16 Feb 2009 08:08:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:to:content-type;
        bh=WaZfeq2Z+PF1hTgKJTOtRfPCQKKvjKNQa02aapbmI6Y=;
        b=kJEY77t0/hPf3k0vGSsfkGgm+D54+uM6bjdAOvV/CMtLl9XFDZlMXdBGFGCTWAbV/M

E+Xjso+fAS7YpQFfOnanf56K0TDkeXu7oClw9OUv4Gk5XeBW505X68LBJH35WwYv6Kat
         qkr7Jka9x4CoUgF+O2h++Y+xQlDPuH+Hhm9GQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type;
        b=G8QHeMCuI5aOhMWUa/e02+8ddNjbCDpfnPcITFT4CkLit25J1MO2CYPoYkQ/ZFhcfi

++5dKC+y/fxqSV1z6k+VgHfwEftcljTqSyCTpXQq0WLjBNeow3Byah46UASdARu2l2YE
         CJEiH9h6fkM7eRppagH6vTGrNjlyzGO8ujil0=
MIME-Version: 1.0
Received: by 10.220.84.20 with SMTP id h20mr1000450vcl.60.1234800485959;
Mon,
	16 Feb 2009 08:08:05 -0800 (PST)
Date: Mon, 16 Feb 2009 16:08:05 +0000
Message-ID: <da7d69a50902160808k5eca5d59nbbc90c1e1763cafb at mail.gmail.com>
Subject: Urgente: Controleer en Update uw utwente.nl Webmail-account.
From: admin admin <helpdesk943 at googlemail.com>
To: admin at utwente.nl
Content-Type: multipart/alternative; boundary=00163630fd29558b4404630b6418
X-UTwente-MailScanner-Information: Scanned by MailScanner. Contact
servicedesk at icts.utwente.nl for more information.
X-UTwente-MailScanner: Found to be clean
X-UTwente-MailScanner-From: helpdesk943 at googlemail.com
X-Spam-Status: No
Return-Path: helpdesk943 at googlemail.com
X-OriginalArrivalTime: 16 Feb 2009 16:08:14.0286 (UTC)
FILETIME=[C58C4EE0:01C99050]

- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl                            http://cert.surfnet.nl/
office-hours: +31 302 305 305    emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJmZUjelLo80lrIdIRAjioAJ4+nMlMSWuZEOLaJoglLXCZQMSw7wCeKQK2
ThlL+SG87kqQgy+joZlv8To=
=/hN2
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list