[nsp-sec] Misuse of live.com account

Serge Droz serge.droz at switch.ch
Sun Jan 25 06:59:44 EST 2009 

Hello,

We have another phising run, with a live.com reply

   uknl-claims-dept02 at live.com

address.

And yes, people are falling for this ...

Thanks for handling
Serge

Return-Path: <players at uknl.co.uk>
X-Original-To: mbrennen at fni.com
Received: from frodo.fni.com (frodo.fishnet.us [204.15.54.11])
      by fsmail.fni.com (Postfix) with ESMTP id 121C01111EB0
      for <mbrennen at fni.com>; Thu, 22 Jan 2009 08:39:53 -0600 (CST)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
      by frodo.fni.com (Postfix) with ESMTP id A32528C4009
      for <mbrennen at fni.com>; Thu, 22 Jan 2009 08:39:52 -0600 (CST)
X-Spam-Virus: No
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on frodo.fishnet.us
X-Spam-Level:
X-Spam-Status: No, score=-3.7 required=5.5 tests=BAYES_50,FNI_LIVECOM_B,
      FNI_LIVECOM_U,RCVD_IN_DNSWL_MED,TW_KN autolearn=disabled version=3.2.5
Received: from XSMTP0.ethz.ch (xsmtp0.ethz.ch [82.130.70.14])
      by srmail1.fni.com (Postfix) with ESMTP id BEFC812B00EA
      for <mbrennen at fni.com>; Thu, 22 Jan 2009 08:39:45 -0600 (CST)
Received: from xfe2.d.ethz.ch ([82.130.124.42]) by XSMTP0.ethz.ch with
Microsoft
       SMTPSVC(6.0.3790.3959);
       Thu, 22 Jan 2009 15:37:36 +0100
Received: from webmail.ethz.ch ([129.132.196.53]) by xfe2.d.ethz.ch over TLS
      secured channel with Microsoft SMTPSVC(6.0.3790.3959);
       Thu, 22 Jan 2009 15:37:33 +0100
Received: from 41.220.75.3
          (SquirrelMail authenticated user jabrial)
          by webmail.ethz.ch with HTTP;
          Thu, 22 Jan 2009 14:37:33 -0000 (UTC)
Message-ID: <00d4bd71fda8b4ce1facdc4cd6076aab.squirrel at webmail.ethz.ch>
Date: Thu, 22 Jan 2009 14:37:33 -0000 (UTC)
Subject: Email Notification!
From: "UK NATIONAL LOTTERY" <players at uknl.co.uk>
Reply-To: uknl-claims-dept02 at live.com
User-Agent: SquirrelMail/1.5.2 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-OriginalArrivalTime: 22 Jan 2009 14:37:33.0580 (UTC)
      FILETIME=[F64EB4C0:01C97C9E]
To: undisclosed-recipients:;
Content-Transfer-Encoding: quoted-printable




We are pleased to notify you that your email address
   won the sum of =A3850,000 GBP from our monthly UK National
   Online Promotion held on 19th of January 2009 and released
   22th January 2009. You have therefore been approved
   To claim a total sum of =A3850,000 (Eight Hundred And Fifty
   Thousand Pounds).
   Ticket No. 5647 5600 545 188
   Contact agent for your claims.
   ***************************************
   1. Agent Name: Mr. Edward Connor
   2. Agent Email: uknl-claims-dept02 at live.com
   3. Agent Tel: +44 7035 954 072
   ***************************************
   Claims Requirements:
   1. Full Name:
   2. Home Address:
   3. Age:
   4. Sex:
   5. Tel:
   6. Occupation:
   7. Country Of Residence:
   8. Nationality:
   9. Amount Won:
   ***************************************
   Send all details to uknl-claims-dept02 at live.com only.
   Yours Sincerely,
   Sander Holmes.
   (Web-Email Information Manager)

-- 
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch

More information about the nsp-security mailing list