May 13, 2008
Update: This is still going around. The latest example forwarded to us is as follows:
From: MAIL.GATECH.EDU TEAM <customercare@mail.gatech.edu>
Subj: CONFIRM YOUR MAIL.GATECH.EDU EMAIL ACCOUNT IMMEDIATELY!!!
Date: Tue May 13, 2008 12:19 am
Size: 568 bytes
To: undisclosed-recipients: ;
Dear MAIL.GATECH.EDU Subscriber,
To verify your MAIL.GATECH.EDU account, you must reply to this email immediately
and enter your password here (*********)
Failure to do this, We will immediately render your email address deactivated
from our database.
You can also confirm your email address by logging into your MAIL.GATECH.EDU
account at https://webmail.mail.gatech.edu/horde/
Thank you for using UNH.EDU !
THE MAIL.GATECH.EDU TEAM
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
04 March 2008
UPDATE: We have received several reports in regards to people receiving these phishing attacks. Please just put the message in your junk mail folder. For more information on what phishing is please follow this link to wikipedia.com.
From: http://isc.sans.org/diary.html?storyid=3917, edited for content
Published: 2008-02-01,
Last Updated: 2008-02-01 15:52:21 UTC
by Mark Hofman (Version: 1)
We?ve had a few reports of Universities/Colleges being hit with somevery targeted emails trying to get the userid and password of students. The email is usually along these lines.
------------------------------------------------
Subject VERIFY YOUR xxxxxx EMAIL ACCOUNT NOW
Dear xxxxx Email Account Owner,
This message is from xxxxx messaging center to allxxxxx email account owners. We are currently upgrading our data baseand e-mail account center. We are deleting all unused xxxxx emailaccount to create more space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
Warning!!! Account ownerthat refuses to update his or her account within Seven days ofreceiving this warning will lose his or her account permanently.
Thank you for using xxxxxx!
Warning Code:VX2G99AAJ
Thanks,
Xxxxx Team
----------------------------------
The sender will be often be xxxxxteam@isp used to send msg or uni address
The reply address will be external to the organization. In the sample we have, it is usxxxxxxcountupgrade@live.com. (where xxxxx is the domain name used by the institution, without the .edu).
The message often passes through some SPAM filters due to the relatively low volume of messages.
Look for messages to multiple recipients andincreased volume of internal email to one specific external address.
Update
Looking at the samples sent in, the textbasically only varies where the xxxxx are in the sample shown. Thereply addresses used so far were in live.com and hotmail.com domains.