Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Scam Email - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Scam Email

New week, new scams. Two emails showed up on our ISC scam radar this morning.

One seems directed at universities, and is informing students that their email quota is exhausted and asks them to connect to a web site (studentresume. c.la) to re-enable their account. The site includes an iframe from planetchiltern. com and doesn't even TRY to look like the web site of an university. It still asks for your userid and password, though...

Another one pretends to come from Microsoft and warns users on a rapidly spreading Conficker.B infection (sic!).  Conveniently enough, the email includes the "patch and removal tool".

If you fell for either of these, now would be a good time to confess to your sysadmin :).

[Thanks to ISC readers Matt and Joe for the samples]

 

Daniel

367 Posts
ISC Handler
We get loads of the e-mail quota and similar scams. There is a collaborative project, mostly between university mail admins, hosted at Googlecode http://code.google.com/p/anti-phishing-email-reply/ (but we moved the SVN repository to Sourceforge when GC was unreliable) where we maintain a list of bad reply addresses and links to generic forms. The scams seem to compromise dozens of accounts each day.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!