[30708] in Kerberos

Re: MIT e-mail phish attempt

daemon@ATHENA.MIT.EDU (Dennis Davis)
Tue Feb 10 04:15:07 2009

Date: Tue, 10 Feb 2009 09:13:44 +0000 (GMT)
From: Dennis Davis <D.H.Davis@bath.ac.uk>
To: Will Fiveash <William.Fiveash@sun.com>
In-Reply-To: <20090210043735.GA19787@sun.com>
Message-ID: <alpine.BSO.2.00.0902100905080.2709@hinault.bath.ac.uk>
MIME-Version: 1.0
Cc: MIT Kerberos List <kerberos@mit.edu>
Reply-To: Dennis Davis <D.H.Davis@bath.ac.uk>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Mon, 9 Feb 2009, Will Fiveash wrote:

> From: Will Fiveash <William.Fiveash@sun.com>
> To: Tom Yu <tlyu@mit.edu>, Ken Raeburn <raeburn@mit.edu>
> Cc: MIT Kerberos Dev List <krbdev@mit.edu>,
>     MIT Kerberos List <kerberos@mit.edu>
> Date: Mon, 9 Feb 2009 22:37:36 -0600
> Subject: MIT e-mail phish attempt
> 
> Just got the attached e-mail (which I bzip2ed) that contained:
> 
>  Date: Mon, 09 Feb 2009 23:23:12 -0500 (EST)
>  From: MIT Support Team <supportteam@MIT.EDU>
>  Subject:
>  To: undisclosed-recipients: ;
> 
> Dear mit.edu User,
> 
> Your email account has been used to send numerous Spam mails recently from
> a foreign IP. As a result, the mit.edu has received advice to suspend your
> account. However, you might not be the one promoting this Spam, as your
> email account might have been compromised. To protect your account from
> sending spam mails, you are to confirm your true ownership of this account
> by providing your original username (*******) and PASSWORD (*******) as a
> reply to this message. On receipt of the requested information, the
> "mit.edu" web email support shall block your account from Spam.
> 
> Failure to do this will violate the mit.edu email terms & conditions. This
> will render your account inactive.

This is a very common attack against usernames/passwords.  We, and
others, are seeing a lot of these.  Usually the Reply-To address is
set to a separate account used to capture account details from the
reply.

See:

http://code.google.com/p/anti-phishing-email-reply/

for a project which targets the Reply-To address.  I also believe
the Sanesecurity anti-phishing signatures at:

http://www.sanesecurity.com/

will defend against some of these attacks.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@bath.ac.uk               Phone: +44 1225 386101
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
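
The reply above describes phish whose Reply-To points at a separate collecting account. The following is an added example of a mail-filter check for that pattern, not code from the original post or from either linked project. The blocklist entry, the sample addresses and the Reply-To header on the sample phish are constructed assumptions (the quoted headers show no Reply-To).

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed blocklist entry; a real deployment would load a maintained list.
KNOWN_REPLY_ADDRESSES = {"collector@mailbox.example"}
CREDENTIAL_WORDS = ("password", "username")

def _addresses(msg, header):
    """Lower-cased addresses from every instance of the given header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def _text(msg):
    """Concatenate the decoded text/plain parts of the message, lower-cased."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks).lower()

def check_message(raw):
    """Return (flagged, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_domains = {a.rpartition("@")[2] for a in _addresses(msg, "From")}
    replies = _addresses(msg, "Reply-To")
    listed = [r for r in replies if r in KNOWN_REPLY_ADDRESSES]
    foreign = [r for r in replies if r.rpartition("@")[2] not in from_domains]
    asks = any(w in _text(msg) for w in CREDENTIAL_WORDS)
    checks = ((listed, "reply-to on blocklist"),
              (foreign, "reply-to domain differs from From"),
              (asks, "body requests credentials"))
    reasons = [label for hit, label in checks if hit]
    # A foreign Reply-To alone is normal for mailing lists; require the request too.
    return bool(listed) or bool(foreign and asks), reasons

# Constructed samples: the first mirrors the quoted phish with an assumed Reply-To.
PHISH = ("From: MIT Support Team <supportteam@MIT.EDU>\n"
         "Reply-To: <collector2@freemail.example>\n"
         "To: undisclosed-recipients: ;\n\n"
         "confirm your true ownership of this account by providing your\n"
         "original username and PASSWORD as a reply to this message.\n")
LIST_MAIL = ("From: Alice <alice@uni.example>\n"
             "Reply-To: discuss@lists.example\n\n"
             "Minutes of Tuesday's meeting are attached.\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("list mail", LIST_MAIL)):
        print(name, check_message(raw))
```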