[104786] in North American Network Operators' Group


Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT

daemon@ATHENA.MIT.EDU (Matthew Black)
Tue May 27 13:55:13 2008

From: Matthew Black <black@csulb.edu>
To: nanog@nanog.org
Date: Tue, 27 May 2008 10:52:10 -0700
In-Reply-To: <1211645673.2541.3.camel@ernie.internal.graemef.net>
Errors-To: nanog-bounces@nanog.org

On Sat, 24 May 2008 17:14:33 +0100
  Graeme Fowler <graeme@graemef.net> wrote:
> On Sat, 2008-05-24 at 17:02 +0200, Peter Dambier wrote:
>> I don't trust it:
> 
> Quite right too, it's a spear-phishing attack. This is currently an
> almost daily occurrence for .edu domains.
> 
> The compromised accounts are frequently abused via webmail systems,
> being used to send out more scams.
> 
> The scammers responsible are also targeting UK higher ed institutions,
> with a limited degree of success. I can't really speak for my US
> counterparts with regards the success of the attacks, but one would
> surmise that it's more or less the same. To paraphrase badly:
> 
> All users are gullible, but some are more gullible than others.
> 
> -g


As a US EDU, I can attest to the fact that a handful of
our webmail accounts have been compromised and subsequently
used to send out these types of phishing attacks. We never
figured out how the accounts were compromised. I suspect
users with hand-held devices are being snooped when they
use IMAP. Our webmail is SSL, but not IMAP.

Most of the spammers' messages appear as though someone
is manually using their cut & paste to generate the spam,
not anything automated (based on the rate messages go out).
Seems rather tedious.


matthew black
e-mail postmaster
network services
california state university, long beach



