[nsp-sec] Attention Google - live phising form in googledocs

Peter Moody pmoody at google.com
Mon Oct 24 12:41:16 EDT 2011 

appears dead.

On Fri, Oct 21, 2011 at 9:47 AM, Joel Rosenblatt <joel at columbia.edu> wrote:

> ----------- nsp-security Confidential --------
>
> Hi,
>
> Live phishing form .. please whack
>
> Thanks,
> Joel
>
>
>  <https://docs.google.com/**spreadsheet/viewform?formkey=**
>> dG44eWpTOU13OVY4MEZjTG40NzRscG**c6MQ<https://docs.google.com/spreadsheet/viewform?formkey=dG44eWpTOU13OVY4MEZjTG40NzRscGc6MQ>
>> >Click
>> Here to complete the form.
>>
>>
> ------------ Forwarded Message ------------
> Date: Friday, October 21, 2011 12:09 PM -0400
> From: Alex Rodriguez <adr5 at columbia.edu>
> To: Joel Rosenblatt <joel at columbia.edu>
> Subject: security
>
>  Return-Path: <SW_FRC at lacoe.edu>
>> Received: from lmtpproxyd (casava-eth1.cc.columbia.edu [128.59.33.137])
>>        by trout.cc.columbia.edu (Cyrus v2.3.16) with LMTPA;
>>        Fri, 21 Oct 2011 11:53:33 -0400
>> X-Sieve: CMU Sieve 2.3
>> Received: from casava.cc.columbia.edu ([unix socket])
>>        by mail.columbia.edu (Cyrus v2.3.16) with LMTPA;
>>        Fri, 21 Oct 2011 11:53:33 -0400
>> X-Sieve: CMU Sieve 2.3
>> Received: from feta.cc.columbia.edu (feta.cc.columbia.edu[128.59.28.164])
>>        by casava.cc.columbia.edu (8.13.8/8.13.8) with ESMTP id
>> p9LFrXAa018588;
>>        Fri, 21 Oct 2011 11:53:33 -0400
>> Received: from EDGE1.lacoe.edu (edge1.lacoe.edu [156.3.254.229])
>>        by feta.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id
>> p9LFqUZg006929;
>>        Fri, 21 Oct 2011 11:52:50 -0400 (EDT)
>> Received: from cas2.internal.lacoe.edu (156.3.1.12) by EDGE1.lacoe.edu
>>  (156.3.254.229) with Microsoft SMTP Server (TLS) id 8.2.255.0; Fri, 21
>> Oct
>>  2011 08:52:34 -0700
>> Received: from ECMAIL7.internal.lacoe.edu ([156.3.1.14]) by
>>  cas2.internal.lacoe.edu ([156.3.1.12]) with mapi; Fri, 21 Oct 2011
>> 08:52:43
>>  -0700
>> From: SW_FRC <SW_FRC at lacoe.edu>
>> To: "helpdesk-team at live.com" <helpdesk-team at live.com>
>> Date: Fri, 21 Oct 2011 08:52:42 -0700
>> Subject: Your password will expire in 4days.
>> Thread-Topic: Your password will expire in 4days.
>> Thread-Index: AQHMkAl388JMG9eUhUaGorR3k+**nMSg==
>> Message-ID:
>> <915393240C37524FAA184076DC7BD**46D015818325F82 at ECMAIL7.**
>> internal.lacoe.edu<915393240C37524FAA184076DC7BD46D015818325F82 at ECMAIL7.internal.lacoe.edu>
>> >
>> Accept-Language: en-US
>> Content-Language: en-US
>> X-MS-Has-Attach:
>> X-MS-TNEF-Correlator:
>> acceptlanguage: en-US
>> Content-Type: text/html; charset="iso-8859-1"
>> MIME-Version: 1.0
>> X-Spam-Score: 7.001 (*******) CU_PHISH_25 CU_PHISH_49 CU_TAGGED_LINK
>> HTML_MESSAGE MIME_HTML_ONLY
>> X-Scanned-By: MIMEDefang 2.68 on 128.59.28.164
>>
>> Your password will expire in 4days. System Administrator in
>> currently working to improve on the security of all the Webmail
>> Users as we periodically review certain Accounts which are
>> vulnerable to Unauthorised Access. We have noticed some unusual
>> invalid login attempts into your Webmail Account. Therefore your
>> account has been limited and may experience inability to send and
>> receive new mail and might also be disabled.
>>
>>
>> To remove this limitation and initiate your Account Update process,
>> please
>> <https://docs.google.com/**spreadsheet/viewform?formkey=**
>> dG44eWpTOU13OVY4MEZjTG40NzRscG**c6MQ<https://docs.google.com/spreadsheet/viewform?formkey=dG44eWpTOU13OVY4MEZjTG40NzRscGc6MQ>
>> >Click
>> Here to complete the form.
>>
>>
>>
>> For more information please
>> <https://docs.google.com/**spreadsheet/viewform?formkey=**
>> dG44eWpTOU13OVY4MEZjTG40NzRscG**c6MQ<https://docs.google.com/spreadsheet/viewform?formkey=dG44eWpTOU13OVY4MEZjTG40NzRscGc6MQ>
>> >Click
>> Here..
>>
>> Help Desk
>>
>
>
> ---------- End Forwarded Message ----------
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> Public PGP key
> http://pgp.mit.edu:11371/pks/**lookup?op=get&search=**0x90BD740BCC7326C3<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3>
>
>
>
> ______________________________**_________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/nsp-security<https://puck.nether.net/mailman/listinfo/nsp-security>
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> ______________________________**_________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list