
SANS ISC: InfoSec Handlers Diary Blog



Potential Phish for Regular Webmail Accounts

Published: 2012-10-21
Last Updated: 2012-10-22 01:29:54 UTC
by Lorna Hutcheson (Version: 1)

I was looking through my spam folder today and saw an interesting phish. The phishing email is looking for email account information. Nothing new about that, except this one seemed to have a broad target range. Normally, these types of phishes are sent to .edu addresses, not those outside of academia. From the email headers, this one was sent to the Handlers email, which is a .org. A non-technical user, like many of my relatives, would probably respond to this. I could see this being successful against regular webmail users of Gmail, Hotmail, etc., especially if the verbiage was changed slightly. It could also be targeting those who may be enrolled in online universities. I was wondering if anyone else has seen this type of phish toward their non-.edu webmail accounts. I have included the email below:

From: University Webmaster <university.m@usa.com>
Date: Fri, Oct 19, 2012 at 9:34 PM
Subject: Webmail Account Owner
To:

Dear Webmail Account Owner,

This message is  from the University Webmail Messaging Center to all email account owners.

We are currently carrying out scheduled maintenance,upgrade of our web mail service and we are changing our mail host server,as a result your original password will be reset.

We are sorry for any inconvenience caused.

To complete your webmail email account upgrade, you must reply to this email immediately and provide the information requested below.

*********************************************************************************
CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Address:
User Name/ID:
Password:
Re-type Password:

************************************************************************************
Failure to do this will immediately render your email address deactivated from the University Webmail.
************************************************************************************

This E-mail is confidential and privileged. If you are not the intended Recipient please accept our apologies; Please do not Disclose, Copy or Distribute Information in this E-mail or take any action in Reliance on its contents: to do so is strictly prohibited and may be Unlawful.

Please inform us that this Message has gone astray before deleting it.

Thank you for your Co-operation.

Copyright ©2011 University Webmaster. All Rights Reserved
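
An added example, not part of the original diary: a small Python triage check for the traits visible in the message above (a blank password field to be filled in by reply, a reply request, pressure wording, an empty To: header, and a "University" sender on a non-.edu domain). The indicator names, the regexes and the .edu test are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sample input: abridged copy of the message quoted above.
SAMPLE = """\
From: University Webmaster <university.m@usa.com>
Subject: Webmail Account Owner
To:

To complete your webmail email account upgrade, you must reply to this email immediately and provide the information requested below.

CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Address:
User Name/ID:
Password:
Re-type Password:

Failure to do this will immediately render your email address deactivated from the University Webmail.
"""

# Assumed heuristics (illustrative, not an ISC rule set).
BLANK_PASSWORD = re.compile(r"^[ \t]*(?:re-?type[ \t]+)?password[ \t]*:[ \t]*$", re.I | re.M)
REPLY_ASK = re.compile(r"\breply to this (?:e-?mail|message)\b", re.I)
PRESSURE = re.compile(r"\b(?:immediately|deactivated|suspended)\b", re.I)

def reply_phish_indicators(raw):
    """Return names of the indicators found in a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    checks = [
        # A fill-in "Password:" line means the secret is expected in the reply.
        ("blank_password_field", bool(BLANK_PASSWORD.search(body))),
        ("reply_requested", bool(REPLY_ASK.search(body))),
        ("pressure_language", bool(PRESSURE.search(body))),
        # Empty To: as in the quoted copy; often a sign of blind-copied bulk mail (assumption).
        ("empty_to", not (msg.get("To") or "").strip()),
        # Display name claims a university, address is not on a .edu domain (US-centric assumption).
        ("university_name_non_edu", "university" in display.lower() and not domain.endswith(".edu")),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    print(reply_phish_indicators(SAMPLE))
```

The blank password field combined with a reply request is the strongest signal here, since this message carries no link or attachment for URL or malware filters to catch.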
