[nsp-sec] google docs phish site

RuthAnne Bevier ruthanne at caltech.edu
Sun Aug 28 17:28:06 EDT 2011 

Another google docs phish site is at:
https://docs.google.com/spreadsheet/viewform?formkey=dG1rbmlnYnJCYXpLYmEtSV9MenZpQnc6MQ

A sample message with full headers is below:

>From bruskey at susqu.edu Sun Aug 28 14:13:05 2011
Return-Path: <bruskey at susqu.edu>
X-Original-To: thanne at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id 313F232809F;
	Sun, 28 Aug 2011 14:13:06 -0700 (PDT)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: -3.189
X-Spam-Level: 
X-Spam-Status: No, score=-3.189 tagged_above=-10000 required=5
	tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SNF4SA=-2.189,
	SPF_PASS=-0.001] autolearn=unavailable
Received: from jonola.caltech.edu (jonola.caltech.edu [131.215.239.176])
	by fire-doxen-external (Postfix) with ESMTP id EAED5328056;
	Sun, 28 Aug 2011 14:13:01 -0700 (PDT)
Received: by jonola.caltech.edu (Postfix, from userid 60001)
	id CF64C17171; Sun, 28 Aug 2011 14:13:01 -0700 (PDT)
X-Original-To: ipoffice at treqs.caltech.edu
Delivered-To: ipoffice at treqs.caltech.edu
Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu [131.215.239.19])	by jonola.caltech.edu (Postfix) with ESMTP id 5DAE917135	for <ipoffice at treqs.caltech.edu>; Sun, 28 Aug 2011 14:13:00 -0700 (PDT)
Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])	by earth-doxen-postvirus (Postfix) with ESMTP id 3388566E025F	for <ipoffice at treqs.caltech.edu>; Sun, 28 Aug 2011 14:13:00 -0700 (PDT)
X-Mailbox-Line: From bruskey at susqu.edu  Sun Aug 28 14: 12:59 2011
X-Original-To: ipoffice at caltech.edu
Delivered-To: ipoffice at caltech.edu
Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])	by earth-doxen-postvirus (Postfix) with ESMTP id E5C7B66E026C	for <ipoffice at caltech.edu>; Sun, 28 Aug 2011 14:12:59 -0700 (PDT)
X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
Received: from mail-vw0-f45.google.com (mail-vw0-f45.google.com [209.85.212.45])	by earth-doxen-external (Postfix) with ESMTP id 763D666E025F	for <ipoffice at caltech.edu>; Sun, 28 Aug 2011 14:12:57 -0700 (PDT)
Received: by vws17 with SMTP id 17so5635255vws.18        for <ipoffice at caltech.edu>; Sun, 28 Aug 2011 14:12:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.7.82 with SMTP id c18mr1274368vcc.225.1314565976446; Sun, 28 Aug 2011 14:12:56 -0700 (PDT)
Received: by 10.220.108.20 with HTTP; Sun, 28 Aug 2011 14:12:56 -0700 (PDT)
Date: Sun, 28 Aug 2011 22:12:56 +0100
Message-ID: <CAF6DyxN62pwJSAane15Z-ToV0rkjtqu9RvKT8WwJYn8qQDW8dQ at mail.gmail.com>
Subject: [TR #2212049] Important: Database Maintenance Update !!!
From: "Bruskey, Frank" <bruskey at susqu.edu>
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=000325573fc60f5c1004ab973e56
X-TBCK-ID: acc1980ae0e481d8aebe46c97b6e9cd0
X-TBCK-Status: First;AllClear;0
Precedence: bulk
X-Caltech-ITS-T-Reqs-Initiated: yes
X-Caltech-ITS-T-Reqs-URL: https://treqs.caltech.edu/cgi-bin/ars-get-ticket.pl?ticket_id=2212049
X-Caltech-ITS-T-Reqs-Group: IP Office

--000325573fc60f5c1004ab973e56
Content-Type: text/plain; charset=ISO-8859-1

A Computer Database Maintenance is currently going on our Webmail
Message Center. Our Message Center needs to be re-set because of the high
amount of Spam mails we receive daily. A Quarantine Maintenance will help us
prevent this everyday dilemma.To re-validate your mailbox Please
CLICKHERE<https://docs.google.com/spreadsheet/viewform?formkey=dG1rbmlnYnJCYXpLYmEtSV9MenZpQnc6MQ>

Failure to re-validate your mailbox will render your e-mail in-active
from our database.
Thanks.

--000325573fc60f5c1004ab973e56
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div id=3D"yiv1141694339">A Computer Database Maintenance is currently goin=
g on our Webmail<br>Message Center. Our Message Center needs to be re-set b=
ecause of the high<br>amount of Spam mails we receive daily. A Quarantine M=
aintenance will help us<br>
prevent this everyday dilemma.To re-validate your mailbox Please <a href=3D=
"https://docs.google.com/spreadsheet/viewform?formkey=3DdG1rbmlnYnJCYXpLYmE=
tSV9MenZpQnc6MQ">CLICKHERE</a><font color=3D"#234786"><br></font><br>Failur=
e to re-validate your mailbox will render your e-mail in-active<br>
from our database.<br>Thanks.<br></div>

--000325573fc60f5c1004ab973e56--
-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671

More information about the nsp-security mailing list