[nsp-sec] ATTN Google, accountverifiers2414 at googlemail.com used as a phish dropbox

RuthAnne Bevier ruthanne at caltech.edu
Tue Sep 13 13:20:17 EDT 2011


In case this one hasn't been reported yet, accountverifiers2414 at googlemail.com is being used in a return-mail phish.  Sample below:

> X-Original-To: man at caltech.edu                                                                                             
> X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new                                                               
> X-Spam-Flag: NO                                                                                                            
> X-Spam-Score: -2.696                                                                                                       
> X-Spam-Level:                                                                                                              
> X-Spam-Status: No, score=-2.696 tagged_above=-10000 required=5                                                             
>         tests=[DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, PBJ_FRM_NUM1=0.6,                                                  
>         RCVD_IN_DNSWL_LOW=-1, SNF4SA=-2.295, SPF_PASS=-0.001]                                                              
>         autolearn=unavailable                                                                                              
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;                                                                      
>         d=googlemail.com; s=gamma;                                                                                         
>         h=mime-version:date:message-id:subject:from:to:content-type;                                                       
>         bh=CTs+GHi68SAaO7g0XhjlHb72qOU5bSgQIV/+KE5wDw4=;                                                                   
>         b=ACC2tsh3Ina1QZs+zMD28Km9YCVgXvGIgz4mJMXzxxTW5yNOGpdpEg4tO4IB2BHfou                                               
>          /hDMlkRpOijYq4HGQaqk42i9B0IVmPTTqO0fAV5cpiqglWiSAoCsprqhjw0vfBxP7tPv                                              
>          gBVc/wJm7A6w4QIvIlF1i3SxUgAxhs1bybrjc=                                                                            
> Date: Tue, 13 Sep 2011 12:23:38 +0100                                                                                      
> Subject: Dear WebMail Subscriber                                                                                           
> From: System Adminstrators <accountverifiers2414 at googlemail.com>                                                           
> To: undisclosed-recipients:;                                                                                               
>                                                                                                                            
> Dear WebMail Subscriber,                                                                                                   
>                                                                                                                            
> We would like to inform you that we are currently carrying out                                                             
> scheduled maintenance and upgrade of our webmail service and as a                                                          
> result our email client has been changed and your original password 
<snip>


-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671


