[nsp-sec] ATTN Google, another phish dropbox at webmail.alert212 at gmail.com

RuthAnne Bevier ruthanne at caltech.edu
Tue Sep 13 14:11:11 EDT 2011 

Here is another one, webmail.alert212 at gmail.com.  Sample data below.
 
>From webmail.alert212 at gmail.com Tue Sep 13 05:10:57 2011
Return-Path: <webmail.alert212 at gmail.com>
X-Original-To: ruthanne at caltech.edu
Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
         by earth-doxen-postvirus (Postfix) with ESMTP id 8B03266E07C2
         for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:57 -0700 (PDT)
X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: -3.2
X-Spam-Level:
X-Spam-Status: No, score=-3.2 tagged_above=-10000 required=5
         tests=[DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, RCVD_IN_DNSWL_LOW=-1,
         SNF4SA=-2.199, SPF_PASS=-0.001] autolearn=disabled
Received: from mail-bw0-f45.google.com (mail-bw0-f45.google.com [209.85.214.45])
         by earth-doxen-external (Postfix) with ESMTP id 6D97F66E07C4
         for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:52 -0700 (PDT)
Received: by mail-bw0-f45.google.com with SMTP id zv15so664276bkb.18
         for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
         d=gmail.com; s=gamma;
         h=mime-version:date:message-id:subject:from:to:content-type;
         bh=CTs+GHi68SAaO7g0XhjlHb72qOU5bSgQIV/+KE5wDw4=;
         b=Qp4jSu13cfxczaZp6BExjKfsPAVZDpcjBF/FgNRXwn9OftCtQLqDAA1UrFj/G64cgJ
          Up7YdCEkvO8+F5NGG6IjYAW7Cy/eBVmckmNIaQ4KWGX+MCZEk5bZhwwgYk69D8ezM/8W
          5MC0Mcqy+0zhX1UPA2DGqxHYfybc0pleQ4kHA=
MIME-Version: 1.0
Received: by 10.204.132.133 with SMTP id b5mr2052782bkt.343.1315915851960;
  Tue, 13 Sep 2011 05:10:51 -0700 (PDT)
Received: by 10.204.77.206 with HTTP; Tue, 13 Sep 2011 05:10:51 -0700 (PDT)
Date: Tue, 13 Sep 2011 13:10:51 +0100
Message-ID: <CAG8CYFwpTwhHM3XaD8m1_g8CoKga1zure5NQmXGuFjXtTPnTww at mail.gmail.com>
Subject: Dear WebMail Subscriber
From: System Administrators <webmail.alert212 at gmail.com>
To: undisclosed-recipients:;
Content-Type: text/plain; charset=ISO-8859-1

Dear WebMail Subscriber,

We would like to inform you that we are currently carrying out
scheduled maintenance and upgrade of our webmail service and as a
result our email client has been changed and your original password
will be reset. We are sorry for any inconvenience caused.

To complete your webmail account, you must reply to this email
immediately and enter your
<snip>



-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671

More information about the nsp-security mailing list