[nsp-sec] ATTN: Google - phish using Google docs

Fri Oct 28 00:14:38 EDT 2011

Issues was sent to abuse at google.com and reported via the Docs abuse link
yesterday.  Link is still live as of this evening.

https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ

Thanks,
-miyake

----------------------------------------------------------------------
Return-Path: <helpdesk at uoregon.edu>
Received: from pps.reinject (localhost [127.0.0.1])
	by smtp.uoregon.edu (8.14.5/8.14.5) with ESMTP id p9Q13UN2000438
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Tue, 25 Oct 2011 18:03:30 -0700
Received: from oh-mserv1 (localhost [127.0.0.1])
	by pps.reinject (8.14.1/8.14.1) with SMTP id p9Q13UA6000432;
	Tue, 25 Oct 2011 18:03:30 -0700
Received: from flawless.hostnac.com (flawless.hostnac.com [67.23.244.186])
	by smtp.uoregon.edu with ESMTP id p9Q13P25000410
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Tue, 25 Oct 2011 18:03:29 -0700
Received: from localhost.localdomain ([127.0.0.1]:33443 helo=localhost)
	by flawless.hostnac.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from <helpdesk at uoregon.edu>)
	id 1RIrtk-00080l-QU; Tue, 25 Oct 2011 21:03:16 -0400
Received: from 74.115.6.49 ([74.115.6.49]) by kaspi.edu.az (Horde
Framework) with HTTP; Tue, 25 Oct 2011 21:03:16 -0400
Message-ID: <20111025210316.757938pq3i3p0e38 at kaspi.edu.az>
Date: Tue, 25 Oct 2011 21:03:16 -0400
From: Helpdesk Office <helpdesk at uoregon.edu>
To: undisclosed-recipients:;
Subject: UPDATE YOUR WEBMAIL NOW
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_4o1edux9vw2c"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - flawless.hostnac.com
X-AntiAbuse: Original Domain - uoregon.edu
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - uoregon.edu
X-Proofpoint-Virus-Version: vendor=fsecure
engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-10-25_07:2011-10-25,2011-10-25,1970-01-01 signatures=0
X-Proofpoint-Spam-Reason: safe

This message is in MIME format.

--=_4o1edux9vw2c
Content-Type: text/plain;
charset=ISO-8859-1
Content-Description: Plaintext Version of Message
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Dear Webmail User,

With Due respect, The Webmail Technical Crew is Presently Under going
Account's Update which will help the Webmail service to be very much Active
and better and your Account that has Exceeded it's Quota's. You are hereby
Requested to Update your Account Now in order not to loose your webmail
Account, To Update your Account now do make sure youClick Here[1]
UPDATE YOUR WEBMAIL NOW
Failure to Update your webmail account Now will resolve to Loosing your
Webmail Account.
Thanks,
WEBMAIL TECHNICAL CREW

Links:
------
[1]
https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ

--=_4o1edux9vw2c
Content-Type: text/html;
charset=ISO-8859-1
Content-Description: HTML Version of Message
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

<p
class="imp-signature"><!--begin_signature--><!--end_signature--></p>Dear
Webmail User,<br />
 <div> <br />
With Due respect, The Webmail Technical Crew is Presently Under going<br />
Account's Update which will help the Webmail service to be very much
Active<br />
and better and your Account that has Exceeded it's Quota's. You are
hereby<br />
Requested to Update your Account Now in order not to loose your
webmail<br />
Account, To Update your Account now do make sure you</div><a
href="https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ"
target="_blank" rel="nofollow">Click Here</a><br />UPDATE YOUR WEBMAIL
NOW<br />
Failure to Update your webmail account Now will resolve to Loosing
your<br />
Webmail Account.<br />
Thanks,<br />
WEBMAIL TECHNICAL CREW
--=_4o1edux9vw2c--