[nsp-sec] Edu phish using a Gmail address

Tue Nov 3 21:08:46 EST 2009

sent along to internal abuse folken, thanks!

On Tue, 3 Nov 2009, RuthAnne Bevier wrote:

> ----------- nsp-security Confidential --------
>
> Google, here is a copy of a recent phish using a Gmail address:
>
>> X-Original-To: xxxx at caltech.edu
>> X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
>> X-Spam-Flag: NO
>> X-Spam-Score: 3.096
>> X-Spam-Level: ***
>> X-Spam-Status: No, score=3.096 tagged_above=-10000 required=5
>>         tests=[HTML_MESSAGE=0.001, MISSING_SUBJECT=1.285, PBJ_FRM_NUM1=0.6,
>>         SPF_NEUTRAL=1.21] autolearn=disabled
>> X-Yahoo-Newman-Property: ymail-3
>> X-Yahoo-Newman-Id: 405458.85274.bm at omp101.mail.aue.yahoo.com
>> X-YMail-OSG:
>> Gzj4pvQVM1nR3HT5ewK2FZjEVI51UYu5kB9Tg6PxBj.s6uP.p8a_SWq7JnI1cSN.YGi18.pPTUay2OB8f8XHz7o7ftSK8onCe9uvLNQz0p3q9m5v9EuE9OV5rrgjCCrIWhF6Iq0_DW7E87D1sulj0MhLMxbF0dsK7x_0ybegbOOLgZV_ASKGdIr3vvEb9vuwjmne6C6uYE9jm0hjaOwUVLIWGwxuduV9rhf6KCJSMHEUv0D5lJrcF0957EiVhshYxIBW7C5ruVcC1Ls9xQMJLxhO7G3cs5sNOi2eUXTO7AZg8cepz4vMmJYSFWMeKNq7vPbW_Jna7B9R8DUEci_NR_m1t5KnrgSbUHQa.WwA9pSxK57K_rPJjAkf_rYpW9CJ2TkGjD5KLcXJ2Xbbd3Rb.MvluHipGSsJHYlzau6syRcABCbvI6eLnAgNY8DzurVGnCisNx6xSn4wQ77lSiEEGCDScEA_dYT6e7lE2JN7PcHmE_wK.VnH83DKshw1_NaGIrpgkdmHc4SmBv12SQQSuK2C9btG5rYZNdG959.Fa6B6OZtF5hXQArTn1joMexUTF7ZujsFvlBsxBLJqplWkg_XhR.jrmMAVY86pwsd82d6sUOh_.lPxSXQTuRDV6fpDmFrXM5szfoVxcWe3WQkWvSoguVlzfjgFA64OalwrSpGGIYiKAcuCWWehkeaY1LlueOMrAQvvOn.yhaBK3b.kC4oPM4ErX7K7PqbiH3dmjOxdTid2iez0RQ3IoW_U91Y23febWqLRCOyKhI.BVAAyAu5D75qDc0yu319GjxfdvJN2JUH1fzu.yTYoDpWQSins_moUhm22sG1sHf3CyePCKTk0qTlekiWqIXOCRGb1gtfa.98jtsn_j5AbFmcdmgZRT2PAz3ryMjeQqpBMwyNblRUD38kei9Bj7c8Ld6NLh9DotmLctJafYnCYq4KmhwdnMs9RtwP5cf8gMkJ9o
>>
>> vnU16rxDWglUrOMgy1Dvd2xHhlllMkdHY2ZIFYyUVAjG0DeP4aQXSeH0DPx0QB6ypDxubEnZqlkWFVnnJYpBMNRxPW1nijgzKCeyoeGbZD9vYKA3UZX_auXuBWzZ._.CgZj4QPqIcmcE9N2OKhQJgA61HsJQrg7wcyC2gz.gLeaPWDulBPGXhnio2mYyIl0MZyO7brkqCSTu8iDMM7U3Y3NMhfsS.A2sdXpirHNMmMBZhGsEV829gon8ESSrn3A5Kb.Mv7RRYnJi3J0rxV_8w3GsG6qF4PDemYDXEiqwM.Gno2aQ2cn2T0rxweAH96k2KGG9R8ZdrjbYfCRwaFN1NAp11qxQX5bTW0ngUqeJB0RIb5qUltWJQJSgeEBJfHcfoFhOLsxg2JU2ecGKCrvZwe0ASQb5FbUb_y1xnchIDY-
>> X-RocketYMMF: sport-neill at xtra.co.nz
>> X-Mailer: YahooMailClassic/8.0.7 YahooMailWebService/0.7.361.4
>> Date: Mon, 2 Nov 2009 11:43:34 -0800 (PST)
>> From: Support Help Desk <suppothelpoffice2009 at gmail.com>
>> Reply-To: suppothelpoffice2009 at gmail.com
>> To: undisclosed recipients: ;
>>
>>
>>
>> Dear Student/Staff Email Account Users...
>>
>> We regret to announce to you that we will be making some vital
>> maintainance on the College E-mail. During this process
>> you might have login problems in signing into your Online account, but
>> to prevent this you have to confirm your account immediately after you
>> receive this notification.
>>
>> To confirm and to keep your account active during and after this
>> process, please reply to this message with the below account
>> information's. Failure to do this might cause a permanent deactivation
>> of your user account from our database to enable us create more spaces
>> for new users.
>>
>> YOUR EMAIL ACCOUNT CONFIRMATION
>>
>> Name:
>> E-mail ID:
>> E-mail Password:
>> Date of birth:
>> Do you Use Microsoft Outlook Web Access?
>>
>> Your account shall remain active after you have successfully confirmed
>> your account details.This is a scheduled maintenance period that will
>> be occurring each month due to the amount of junk.
>>
>> Thanks for bearing with us
>>
>> XEMAIL ACCOUNT TEAM
>>
>> Warning Code: 002671
>>
>> Regards
>> Help & Resources Help Desk
>
>
>
> --
> RuthAnne Bevier
> Information Security
> California Institute of Technology
> 626-395-2671
> ruthanne at caltech.edu
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>