[nsp-sec] Attn Google: phishing reply address

Peter Moody pmoody at google.com
Fri Mar 20 13:31:31 EDT 2009 

ack.

On Fri, Mar 20, 2009 at 10:24 AM, Young, Beth A. <youngba at more.net> wrote:
> ----------- nsp-security Confidential --------
>
> Would somebody at Google stomp on this reply-to address, please.
>
> I am taking care of the Drury problem.
>
> Thanks,
> Beth
>
>
> Beth Young, CISSP
> MOREnet Security
> 1-800-509-6673
> http://www.more.net/security
>
>
>
>
> -----Original Message-----
>
>
> Return-path: <support at edu.com>
> Received: from calvin.its.uni.edu by gossamer.collab.uni.edu    with
> ESMTP id
>  838646001237563461; Fri, 20 Mar 2009 10:37:41 -0500
> Received: from ([198.209.49.38])        by carney.uni.edu with ESMTP  id
>  5504008.443256506;     Fri, 20 Mar 2009 10:37:18 -0500
> Received: from [192.168.1.3] ([192.168.1.3]:60882 "EHLO ezra.drury.edu")
>        by bluecat.drury.edu with ESMTP id S37643797AbZCTPhB
>  (ORCPT <rfc822;seth.bokelman at uni.edu>); Fri, 20 Mar 2009 10:37:01 -0500
> Received: from User ([81.184.46.104]) by ezra.drury.edu with Microsoft
>  SMTPSVC(6.0.3790.3959);        Fri, 20 Mar 2009 10:40:41 -0500
> Date: Fri, 20 Mar 2009 16:36:45 +0100
> From: "Support" <Support at edu.com>
> Subject: Email Upgrade
> To: unlisted-recipients:; (no To-header on input)
> Reply-to: <edu.supports at gmail.com>
> Message-id: <EZRATR6tnxrXDwAUix10000de5f at ezra.drury.edu>
> MIME-version: 1.0
> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Content-type: text/plain; charset=Windows-1251
> Content-transfer-encoding: 7BIT
> X-Priority: 3
> X-MSMail-priority: Normal
> X-BCN: Meridius 1000 Version 3.4 on bluecat.drury.edu
> X-BCN-Sender: Support at edu.com
> X-esp: ESP<-31>=        SHA:<0> UHA:<10>        ISC:<0> BAYES:<-1>
> SenderID:<0>    DKIM:<0>
>        TS:<-64>
> SIG:<dapiahN1Ak1R1emijM6wZnQvDiK3cbemckuL4fkzVLtVrpOHuBUTIWJCSV_5
>        YyHlHSEz2jvm5B1sBt_mRDj2fX1EJJu2CrkkIAAAAAAAAAAAAAAAAAAAAAAA
>        AAAAAAAAAAAAAAAAAAArRV943TXSVb6SKqo30dUkGfoad9ahE7HOM1-mt8nG
>        Nre3oYGVMN0o7vdEcENkw0ANkAsnfA0Ch7jj7BAc4oMA-taTA>      DSC:<0>
> TRU_money_spam: <0>
>        Google Pages URL: <0>   TRU_ru_spamsubj: <0>
> TRU_medical_spam: <0>
>        TRU_freehosting: <0>    TRU_adult_spam: <0>     URL Real-Time
> Signatures: <0>
>        TRU_lotto_spam: <0>     TRU_marketing_spam: <0> TRU_spam1: <0>
> TRU_misc_spam: <0>
>        TRU_html_image_spam: <2>        TRU_scam_spam: <0>
> TRU_phish_spam: <22>
>        TRU_profanity_spam: <0> TRU_spam2: <0>  TRU_urllinks: <0>
> TRU_watch_spam: <0>
>        TRU_playsites: <0>      TRU_legal_spam: <0>     TRU_stock_spam:
> <0>
>        TRU_embedded_image_spam: <0>
> X-OriginalArrivalTime: 20 Mar 2009 15:40:43.0664 (UTC)
>  FILETIME=[3AEB6100:01C9A972]
>
> Dear Subscriber,
>
> We are  currently upgrading our system so your are required to read the
> instructions to complete the process, To complete your web mail account,
> you  must reply to this email immediately and enter your password here (
> ..................) Failure to do this will immediately render your
> email address deactivated from our database.
>
> Thank you for using Our Email Service.
>
> Yours Truly,
> Customer Care
> --
> This email message and any attachments are for the sole use of the
> intended recipient (s) and may contain information that is proprietary
> to A hold and/or its subsidiaries ("A hold") or otherwise confidential
> or legally privileged. If you have received this message in error,
> please notify the sender by reply, and delete all copies of this message
> and any attachments. If you are the intended recipient you may use the
> information contained in this message and any files attached to this
> message only as authorized by A hold. Files attached to this message may
> only be transmitted using secure systems and appropriate means of
> encryption, and must be secured using the same level of password and
> security protection with which the file was provided to you. Any
> unauthorized use, dissemination or disclosure of this message or its
> attachments is strictly prohibited.
>
>
> --
> - Ken
> =================================================================
> Ken Connelly             Associate Director, Security and Systems
> ITS Network Services                  University of Northern Iowa
> email: Ken.Connelly at uni.edu   p: (319) 273-5850 f: (319) 273-7373
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list