[nsp-sec] ATTN Google, gmail dropbox in phish

RuthAnne Bevier ruthanne at caltech.edu
Mon Oct 17 18:34:11 EDT 2011 

Mailbox is "dedshelp2 at gmail.com".  

Here are full headers from a sample message:

Microsoft Mail Internet Headers Version 2.0
Received: from OUTLOOK.ad.caltech.edu ([131.215.239.3]) by rosencrantz.dev.ad.caltech.edu with Microsoft SMTPSVC(6.0.3790.4675);
	 Mon, 17 Oct 2011 14:20:51 -0700
Received: from EX-CASHUB3.ad.caltech.edu ([131.215.85.9]) by OUTLOOK.ad.caltech.edu with Microsoft SMTPSVC(6.0.3790.4675);
	 Mon, 17 Oct 2011 14:18:43 -0700
Received: from ex-edge1.caltech.edu (131.215.240.14) by
 EX-CASHUB3.ad.caltech.edu (192.168.40.9) with Microsoft SMTP Server (TLS) id
 14.1.339.1; Mon, 17 Oct 2011 14:18:43 -0700
Received: from outgoing-mail.its.caltech.edu (131.215.239.19) by
 ex-edge1.caltech.edu (131.215.240.14) with Microsoft SMTP Server id
 14.1.339.1; Mon, 17 Oct 2011 14:18:42 -0700
Received: by fire-doxen.caltech.edu (Postfix, from userid 60008)	id
 E978932816C; Mon, 17 Oct 2011 14:18:41 -0700 (PDT)
X-Original-To: chris_yoder at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])	by
 fire-doxen-postvirus (Postfix) with ESMTP id 669D32E50E98	for
 <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:38 -0700 (PDT)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: -0.481
X-Spam-Level:
X-Spam-Status: No, score=-0.481 tagged_above=-10000 required=5
	tests=[CIT_FORGED_FROM=1.22, CIT_FROM_ADDR=-0.7, DKIM_SIGNED=0.001,
	DKIM_VERIFIED=-0.001, RCVD_IN_DNSWL_LOW=-1, SPF_PASS=-0.001]
	autolearn=unavailable
Received: from mail-iy0-f173.google.com (mail-iy0-f173.google.com
 [209.85.210.173])	by fire-doxen-external (Postfix) with ESMTP id AE99A2E50E86
	for <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:36 -0700 (PDT)
Received: by mail-iy0-f173.google.com with SMTP id l21so8708978iak.18
        for <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=QgNQVuBkJldaWTl2sxWvCLnrTOK6L3ZkvLldimYHmko=;
        b=Uyz4i6DtNQma4Zp9b7Va6KVPc9Cqo78zOQCKDQj2FXVZeIU0XjKVVNmGTQ2I00u384
         bylVV4lFQSbreb61yPGKxAbFdTqXqa8i20mNxICMUIrZ/hFGW2thsdpm0024CwndDPMz
         30a6BFILmTkHEqI0Ud2WBJZaAcY3NMocyjcXo=
MIME-Version: 1.0
Received: by 10.231.61.205 with SMTP id u13mr4102214ibh.70.1318880047978; Mon,
 17 Oct 2011 12:34:07 -0700 (PDT)
Received: by 10.231.167.12 with HTTP; Mon, 17 Oct 2011 12:34:07 -0700 (PDT)
Date: Mon, 17 Oct 2011 20:34:07 +0100
Message-ID: <CAAYwz6Mq18au5rvR=8xEsDLr8UddoEwnvytST+2q7WhKY0+QVg at mail.gmail.com>
Subject: Important! 2011 webmail upgrade to avoid deletion of Email Account
From: "IMSS Help Desk<help at its.caltech.edu>" <dedshelp2 at gmail.com>
To: undisclosed-recipients:;
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-Path: dedshelp2 at gmail.com
X-Brightmail-Tracker: AAAAAgAAAUAAAAFU
X-OriginalArrivalTime: 17 Oct 2011 21:18:43.0494 (UTC) FILETIME=[595A9C60:01CC8D12]






-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671

More information about the nsp-security mailing list