[nsp-sec] Another Phishing account @gmail.com

Peter Moody pmoody at google.com
Thu Jan 22 11:03:19 EST 2009 

ack.

On Thu, Jan 22, 2009 at 01:50, Veronika Berglund
<veronika.berglund at cert.sunet.se> wrote:
> ----------- nsp-security Confidential --------
>
> Hi Chris,
>
> thanks for forwarding along the one from Torbjörn. We've this minute been hit with a new one - apparently they didn't like having the upgrade190 being killed off :-)
>
> Would you please consider forwarding the below as well, regarding service.upgrade180 at gmail.com
>
> Rgds
> Veronika
> SUNET CERT
>
> -------------
> X-Received: from relay1.localdomain (relay1.ksu.edu.sa [212.138.39.83])
>
>            by xxx.its.uu.se (Postfix) with ESMTP id AB981642A
>
>            for <xxx at uu.se>; Thu, 22 Jan 2009 10:41:40 +0100 (MEZ)
>
> X-Received: from relay1.localdomain (localhost [127.0.0.1])
>
>            by localhost.ksu.edu.sa (Postfix) with ESMTP id E39C92BC7D;
>
>            Thu, 22 Jan 2009 12:31:08 +0300 (AST)
>
> X-Received: from smtp.ksu.edu.sa (smtp [212.138.39.71])by relay1.localdomain
>
>            (Postfix) with ESMTP id 1758C2526C;Thu, 22 Jan 2009 12:31:06 +0300 (AST)
>
> X-Received: from smtp.ksu.edu.sa (localhost [127.0.0.1])by
>
>            localhost.ksu.edu.sa (Postfix) with ESMTP id B5806D5FF3;Thu, 22 Jan 2009
>
>            12:29:03 +0300 (AST)
>
> X-Received: from webmail.ksu.edu.sa (webmail.ksu.edu.sa [212.138.39.175])by
>
>            smtp.ksu.edu.sa (Postfix) with ESMTP id 6B525D5FF2;Thu, 22 Jan 2009
>
>            12:29:03 +0300 (AST)
>
> Content-Disposition: inline
>
> Content-Transfer-Encoding: quoted-printable
>
> Content-Type: text/plain;
>
>            charset=iso-8859-1
>
> MIME-Version: 1.0
>
> From: admin <service.upgrade180 at gmail.com>
>
> To: admin at uu.se
>
> Subject: URGENTE:Verify and Update your UU Webmail Account.
>
> Reply-To: service.upgrade180 at gmail.com
>
> X-Origin: 81.199.59.187
>
> Date: Thu, 22 Jan 2009 12:31:05 +0300
>
> X-Uidl: 1232616665231758400
>
> X-Mailer: AtMail 4.1
>
> Message-Id: <20090122092903.6B525D5FF2 at smtp.ksu.edu.sa>
>
> X-imss-version: 2.051
>
> X-imss-result: Passed
>
> X-imss-scanInfo: M:P L:E SM:0
>
> X-imss-tmaseResult: TT:0 TS:0.0000 TC:00 TRN:0 TV:5.5.1026(16340.000)
>
> X-imss-scores: Clean:0.08891 C:2 M:3 S:5 R:5
>
> X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
>
>
>
> Dear UU Webmail Users
>
> This message is from the Uppsala universitet Computer Center to all uu webmail
> Users, we are updating our basic data and e-mail center. We are cancelling all
> unused uu Webmail account.You are obliged to immediately verify and update your
> webmail account by immediately verifying with your e-mail identity. This will
> prevent your email from been closed during this exercise. In order to  verify
> your email identity, you are to provide the following data;
>
> Provide Your Account Information below for Our New uu Webmail Upgrade Team:
> Account Registration Name  :____________________
> Account Registration Surname :____________________
> E-mail Username :____________________
> Email Password :____________________
>
> Attention! uu Webmail user who refuses to verify and Update your e-mail within
> seven days of receipt of this notice, His e-mail address will be closed
> permanently.Thank you for choosing uu Webmail! Attention code: E55G99AAJ
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list