
SANS ISC InfoSec Handlers Diary Blog



Why go high-tech?

Published: 2008-06-17
Last Updated: 2008-06-17 17:09:50 UTC
by Kyle Haugsness (Version: 1)

We received a report today from an EDU that received hundreds of undeliverable notices from other EDU domains. Their "helpdesk" email box had been used as the spoofed "from" address in a simple "ask for the user's password to avoid account closure" attempt to gather email account passwords from unsuspecting college students. But instead of going to a website, the user is just supposed to send the account details to an email address at the bottom of the page. It turns out that a couple of them replied with their account details to the EDU instead of the attacker. It is somewhat of a catch-22 for the attacker: use a more official "from" address and the user is more likely to reply, but the same user is likely not to follow the directions at the bottom of the message stating "send your reply to xyz@attacker.com".

The story reminds me of "stupid criminal" stories.  But on the Internet, there is less chance of getting caught and more likelihood that someone will fall for the attack.
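
A mail-filter heuristic for the message pattern described above, as an added example that is not part of the original diary: it flags a message that asks for credentials while pointing replies at an address outside the From domain, either in the body (the case in this report) or in a Reply-To header (a generalization). The sample message, domains, keyword list and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every address and domain here is a placeholder.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@university.example>
To: student@college.example
Subject: Account closure notice

Your mailbox will be closed unless you confirm your account.
Send your username and password to xyz@attacker.example within 24 hours.
"""

CREDENTIAL_WORDS = re.compile(r"\b(password|passwd|username|login|account details)\b", re.I)
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def check_message(raw):
    """Return reasons the message looks like a reply-by-email credential phish."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    reasons = []

    # Header-level variant: replies are steered away from the From domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        reasons.append(f"Reply-To {reply_to} is outside From domain {from_dom}")

    # Body-level variant from the diary: the collection address is in the text.
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = "\n".join((p.get_payload(decode=True) or b"").decode(errors="replace") for p in parts)
    foreign = sorted({m.group(0).lower() for m in ADDRESS.finditer(body)
                      if m.group(1).lower() != from_dom})
    if foreign and CREDENTIAL_WORDS.search(body):
        reasons.append("asks for credentials, reply address in body: " + ", ".join(foreign))
    return reasons


if __name__ == "__main__":
    for reason in check_message(SAMPLE):
        print("FLAG:", reason)
```

The domain comparison is exact, so a legitimate address on a subdomain of the From domain would also be flagged; a deployment would compare against its own list of organizational domains.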

Keywords: lowtech phishing