[nsp-sec] ATTN Google, spreadsheets.google.com used in Phish

RuthAnne Bevier ruthanne at caltech.edu
Tue Mar 1 14:12:42 EST 2011 

https://spreadsheets.google.com/viewform?formkey=dDdlNk5JQXBDdmt0dl9qZ2ctclBqQkE6MQ
is hosting a phish form currently, FYI.

Sample message with full headers below:

>
>From esasser at wallace.edu  Tue Mar  1 09:47:03 2011
Return-Path: <esasser at wallace.edu>
X-Original-To: help at treqs.caltech.edu
Delivered-To: help at treqs.caltech.edu
Received: from outgoing-mail.its.caltech.edu
(outgoing-mail.its.caltech.edu
[131.215.239.19])
	by jonola.caltech.edu (Postfix) with ESMTP id 7946616EFF
	for <help at treqs.caltech.edu>; Tue,  1 Mar 2011 09:47:03
-0800 (PST)
Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id CE29C3280E8
	for <help at treqs.caltech.edu>; Tue,  1 Mar 2011 09:46:59
-0800 (PST)
X-Mailbox-Line: From esasser at wallace.edu  Tue Mar  1 09: 46:59 2011
X-Original-To: help at caltech.edu
Delivered-To: help at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id 744983280F4
	for <help at caltech.edu>; Tue,  1 Mar 2011 09:46:59 -0800
(PST)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: 2.404
X-Spam-Level: **
X-Spam-Status: No, score=2.404 tagged_above=-10000 required=5
	tests=[HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.819,
SNF4SA=-1.222,
	SUBJ_ALL_CAPS=1.806] autolearn=disabled
Received: from hermes.wallace.edu (hermes.wallace.edu
[207.157.58.13])
	by fire-doxen-external (Postfix) with ESMTP id 5A1DA32811F
	for <help at caltech.edu>; Tue,  1 Mar 2011 09:46:47 -0800
(PST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CBD838.A44EC11F"
Subject: TECHNICAL SUPPORT TEAM
Date: Tue, 1 Mar 2011 11:46:49 -0600
Message-ID:
<B7632F2E2FE9BE469C7A87B16B966A25017E15BC at hermes.main.int>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: TECHNICAL SUPPORT TEAM
Thread-Index: AcvYOKEc7+0tUJ20R5KLxjKgfLWGsQ==
From: "Eva Sasser" <esasser at wallace.edu>
To: <info at web.org>
X-TBCK-ID: cee4d70374ec968f4b91cec962c9bc85
X-TBCK-Status: First;AllClear;0

THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM This message is sent
automatically by the computer. If you are receiving this message it
means that your email address has been queued for deactivation; this
was as a  result of a continuous error script (code:505)receiving
from this email address. C
<https://spreadsheets.google.com/viewform?formkey=dDdlNk5JQXBDdmt0dl9qZ2ctclBqQkE6MQ>
LICK HERE
<https://spreadsheets.google.com/viewform?formkey=dDdlNk5JQXBDdmt0dl9qZ2ctclBqQkE6MQ>
and fillout the required field to resolve this problem 
 
Note: Failure to reset your email by ignoring this message or
inputing wrong information will result to instant deactivation of
this email 
address


>

-- 
RuthAnne Bevier
Information Security
California Institute of Technology   
626-395-2671
ruthanne at caltech.edu

More information about the nsp-security mailing list