[nsp-sec] Attn Google, another Gmail phish dropbox

RuthAnne Bevier ruthanne at caltech.edu
Wed Jun 2 18:20:45 EDT 2010 

Thanks for your speedy responses to these.  Here's one from today,
spteam331 at gmail.com.  Full headers and a sample message body are
below:

>From support at webmail.org  Wed Jun  2 14:59:45 2010
Return-Path: <support at webmail.org>
X-Original-To: ipoffice at treqs.caltech.edu
Delivered-To: ipoffice at treqs.caltech.edu
Received: from outgoing-mail.its.caltech.edu
(outgoing-mail.its.caltech.edu
[131.215.239.19])
	by jonola.caltech.edu (Postfix) with ESMTP id 794E116EFC
	for <ipoffice at treqs.caltech.edu>; Wed,  2 Jun 2010 14:59:45
-0700 (PDT)
Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])
	by earth-doxen-postvirus (Postfix) with ESMTP id
E6AEF66E0280
	for <ipoffice at treqs.caltech.edu>; Wed,  2 Jun 2010 14:59:44
-0700 (PDT)
X-Mailbox-Line: From SRS0+lFqg+2+webmail.org=support at cworks.com.my
Wed Jun
 2 14: 59:44 2010
X-Original-To: ipoffice at caltech.edu
Delivered-To: ipoffice at caltech.edu
Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by earth-doxen-postvirus (Postfix) with ESMTP id
99C9A66E02B7
	for <ipoffice at caltech.edu>; Wed,  2 Jun 2010 14:59:44 -0700
(PDT)
X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: 4.197
X-Spam-Level: ****
X-Spam-Status: No, score=4.197 tagged_above=-10000 required=5
	tests=[FORGED_MUA_OUTLOOK=4.199, SPF_HELO_PASS=-0.001,
	SPF_PASS=-0.001] autolearn=disabled
Received: from cworks.com.my (cworks.com.my [202.9.101.248])
	by earth-doxen-external (Postfix) with ESMTP id CAD5766E0280
	for <ipoffice at caltech.edu>; Wed,  2 Jun 2010 14:59:41 -0700
(PDT)
Received: from User (unverified [41.138.185.102]) 
	by cworks.com.my (SurgeMail 3.7b8) with ESMTP id 1008722 
	for multiple; Thu, 03 Jun 2010 05:19:57 +0800
Reply-To: <spteam331 at gmail.com>
From: "WEBMAIL TECHNICAL SUPPORT"<support at webmail.org>
Subject: Email account upgrade.
Date: Wed, 2 Jun 2010 22:19:46 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Server: High Performance Mail Server - http://surgemail.com
r=1842832036
Message-ID: <1275513598_2139 at cworkssystember>
X-Authenticated-User: sales at cworks.com.my 
To: undisclosed-recipients:;
X-TBCK-ID: cda879f238e8d8a550a822a4cf213854
X-TBCK-Status: First;AllClear;0


Attn. Webmail Users,
 
We regret to announce to you that we will be doing some vital
maintenance
on our Webmail accounts. During this process you might have login
problems
in signing into your account, but to prevent this you have to
confirm your
account immediately after you receive this notification.
 
To confirm and to keep your Webmail account active during and after
this
process, please reply to this message with the below account
information's.
Failure to do this might cause a permanent deactivation of your
webmail
account from our database to enable us create more space for
upcoming
subscribers.
 
To confirm your account, send your webmail account stating:
 
Email Address:
Password:
 
Your account shall remain active after we have successfully
confirmed and
upgraded your account.
 
Thank you for your swift response to this notification we apologize
for any
inconvenience.
 
Technical Support
 
Copyright 2010 - Internet Communications - All Rights Reserved.


-- 
RuthAnne Bevier
Information Security
California Institute of Technology   
626-395-2671
ruthanne at caltech.edu

More information about the nsp-security mailing list