[nsp-sec] ATTN Google: google docs site used in phish
Chris Morrow
morrowc at ops-netman.net
Sun Apr 10 05:50:40 EDT 2011

On 04/10/11 17:46, RuthAnne Bevier wrote:
> ----------- nsp-security Confidential --------
>
> Site is
> https://spreadsheets.google.com/viewform?formkey=dGZSNVREQlhzTk1IQ3RkZmtSWUdYMkE6MQ

I submitted my email information, thanks! (please make my email keep the
working!)

-chris

> Sample with full headers below:
>
>
> Return-path: <jlisthau at yu.edu>
> X-Original-To: ecg at caltech.edu
> Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1]) by
> fire-doxen-postvirus (Postfix) with ESMTP id 3AF8A328069 for
> <ecg at caltech.edu>; Sun, 10 Apr 2011 02:28:19 -0700 (PDT)
> X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: -1.804
> X-Spam-Status: No, score=-1.804 tagged_above=-10000 required=5
> tests=[RCVD_IN_DNSWL_LOW=-1, SNF4SA=-0.802, SPF_HELO_PASS=-0.001,
> SPF_PASS=-0.001] autolearn=unavailable
> Received: from mx2.mc.yu.edu (mx2.mc.yu.edu [129.98.201.102]) by
> fire-doxen-external (Postfix) with ESMTP id E74D6328053 for
> <ecg at caltech.edu>;
> Sun, 10 Apr 2011 02:28:17 -0700 (PDT)
> Received: from phobos.mc.yu.edu (phobos.mc.yu.edu [129.98.201.101]) by
> mx2.mc.yu.edu (Postfix) with ESMTP id 990DB9C88AC for
> <ecg at caltech.edu>; Sun,
> 10 Apr 2011 05:10:40 -0400 (EDT)
> X-AuditID: 8162c965-a189dbb000001459-66-4da16f3645ad
> Received: from fe5.prod.mis.yu.edu (deliver.mc.yu.edu [129.98.201.63]) by
> phobos.mc.yu.edu (Symantec Mail Security) with ESMTP id 32D67328003 for
> <ecg at caltech.edu>; Sun, 10 Apr 2011 04:49:58 -0400 (EDT)
> Received: from fe7.prod.mis.yu.edu (fe7.prod.mis.yu.edu [10.11.12.57])
> (using
> TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client
> certificate
> requested) by fe5.prod.mis.yu.edu (Postfix) with ESMTPSA id 07A2B67644 for
> <ecg at caltech.edu>; Sun, 10 Apr 2011 05:10:40 -0400 (EDT)
> Received: from yums.yu.edu (fe5.prod.mis.yu.edu [10.11.12.55]) by
> fe7.prod.mis.yu.edu (Postfix) with ESMTP id DE7685F70B; Sun, 10 Apr 2011
> 05:09:50 -0400 (EDT)
> Received: from 74.115.6.21 (SquirrelMail authenticated user jlisthau) by
> yums.yu.edu with HTTP; Sun, 10 Apr 2011 05:09:51 -0400
> Message-ID: <7dc20eaeb0671fbf354abc69b5f03cc0.squirrel at yums.yu.edu>
> Date: Sun, 10 Apr 2011 02:09:51 -0700
> Subject: Webmail Technical Crew
> From: "IT Helpdesk" <jlisthau at yu.edu>
> User-Agent: SquirrelMail/1.4.19-1.fc9
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> X-Brightmail-Tracker: AAAAAA==
>
> Your email Has Exceeded The Set Quota/Limit Which Is 20GB.
>
> Your Are Currently Running On 23GB Due To Hidden Files And Folder On
>
> Your Mailbox and There Will Be An Upgrade In Our Data Base And E-mail
>
> Center We Are Deleting All Unused Mail Accounts.You Are Required To Verify
>
> Your Mail Account By Confirming Your Mail Identity.You are to click on
> thishttps://spreadsheets.google.com/viewform?formkey=dGZSNVREQlhzTk1IQ3RkZmtSWUdYMkE6MQ
>
> to update account now This Will
>
> Prevent Your Mail Account From Been Closed During This Exercise
>
> Please Validate Your Mailbox And Increase Your Quota.
>
> Webmail Technical Crew
>
>
>
>