[nsp-sec] ATTN: Google - phishing dropbox

Peter Moody pmoody at google.com
Fri Mar 19 11:24:13 EDT 2010


ackzor.

thanks.

On Fri, Mar 19, 2010 at 6:15 AM, Daniel Adinolfi <dra1 at cornell.edu> wrote:

> ----------- nsp-security Confidential --------
>
> Folks,
>
> This morning's phishing dropbox is google's.
>
> Reply-To: "status3737 at gmail.com" <status3737 at gmail.com>
>
> Can Google please run this account over with their StreetView Van?
>
> Thanks.
>
> -Dan
>
>
>
> Received: from orchid.mail.cornell.edu (132.236.56.61) by
> CASHUB01.exchange.cornell.edu (10.16.197.20) with Microsoft SMTP Server id
> 8.1.393.1; Fri, 19 Mar 2010 05:22:19 -0400
> Received: (from daemon at localhost)       by orchid.mail.cornell.edu(8.13.6/8.13.6)
> id o2J9MI3d014351;      Fri, 19 Mar 2010 05:22:18 -0400 (EDT)
> Received: from nmc.cit.cornell.edu (yucca.cit.cornell.edu[128.253.180.83])     by
> orchid.mail.cornell.edu (8.13.6/8.13.6) with ESMTP id o2J9MI0g014346;
> Fri, 19
> Mar 2010 05:22:18 -0400 (EDT)
> Received: from hermes1.mail.cornell.edu (hermes1.mail.cornell.edu
> [132.236.56.12])        by nmc.cit.cornell.edu (8.13.8/8.13.4) with ESMTP
> id
> o2J9MEvb009953  for <security-backline at yucca.cit.cornell.edu>; Fri, 19 Mar
> 2010 05:22:14 -0400 (EDT)
> Received: from soapstone1.mail.cornell.edu (soapstone1.mail.cornell.edu
> [128.253.83.143])       by hermes1.mail.cornell.edu (8.13.6/8.12.6) with
> ESMTP id
> o2J9MDQg015044  for <security-backline at nmc.cit.cornell.edu>; Fri, 19 Mar
> 2010
> 05:22:13 -0400 (EDT)
> Received: from poppy.mail.cornell.edu (poppy.mail.cornell.edu[132.236.56.48])
>        by soapstone1.mail.cornell.edu (8.13.6/8.13.6) with ESMTP id
> o2J9MGua013459
>        for <security-backline at nmc.cit.cornell.edu>; Fri, 19 Mar 2010
> 05:22:16 -0400
> (EDT)
> Received: (from daemon at localhost)       by poppy.mail.cornell.edu(8.13.6/8.12.6) id
> o2J9MHCr021236; Fri, 19 Mar 2010 05:22:17 -0400 (EDT)
> Received: from token.etell.net.co (corporat200-7549131.sta.etb.net.co
> [200.75.49.131] (may be forged))        by poppy.mail.cornell.edu(8.13.6/8.12.6)
> with ESMTP id o2J9MFZN021220    for <security-services at cornell.edu>; Fri,
> 19 Mar
> 2010 05:22:15 -0400 (EDT)
> Received: (qmail 25487 invoked by uid 65534); 19 Mar 2010 09:32:10 +0100
> Received: from 62.77.49.68 ([62.77.49.68])      by mail.etell.net.co (IMP)
> with
> HTTP    for <etell at mail.etell.net.co>; Fri, 19 Mar 2010 09:32:09 +0100
> From: Technical Support <tecsupport at upgrade.com>
> Date: Fri, 19 Mar 2010 04:32:09 -0400
> Subject: CaseID=15287-Email Upgrade
> Thread-Topic: CaseID=15287-Email Upgrade
> Thread-Index: AcrHRazQnFQVWNCoR5GJPZmFG4XYNQ==
> Message-ID: <1268987529.4ba336893c3bd at mail.etell.net.co>
> Reply-To: "status3737 at gmail.com" <status3737 at gmail.com>
> Accept-Language: en-US
> Content-Language: en-US
> X-MS-Exchange-Organization-AuthAs: Anonymous
> X-MS-Exchange-Organization-AuthSource: CASHUB01.exchange.cornell.edu
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> x-ph: V4.1 at orchid
> x-pmx-version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379, Antispam-Data:
> 2010.3.19.90930
> x-pmx-cornell-spam-checked: poppy
> user-agent: Internet Messaging Program (IMP) 3.2
> x-originating-ip: 62.77.49.68
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> MIME-Version: 1.0
>
>
>
>
> Dear Account User,
> =20
> We are currently performing maintenance on our Digital webmail Server. We
> intend upgrading our Digital webmail Security Server for better online
> serv=
> ices=20
> due to
> spam mail and virus.
> =20
> In order to ensure that you do not experience service interruption,please
> y=
> ou=20
> have to
> respond to this email immediately by providing the following credentials
> =20
> login ID/Username
> password
> =20
> And Checkout your new features and enhancements with your new and improved
> mail account.
> =20
> To enable us upgrade your Account for better online services please reply
> to this mail.
> =20
> NB: We request your login ID  and password for Identification purpose
> only.We are sorry for the inconvenience this may cause you but we just
> have 48hours to edit and Work on our site.
>
> Technical Support.
> =20
>
> -------------------------------------------------
> Enviado desde WebMail Etell www.etell.net.co
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038


