On Sat, 24 May 2008 17:14:33 +0100 Graeme Fowler <graeme@graemef.net> wrote:
On Sat, 2008-05-24 at 17:02 +0200, Peter Dambier wrote:
I dont trust it:
Quite right too, it's a spear-phishing attack. This is currently an almost daily occurrence for .edu domains.
The compromised accounts are frequently abused via webmail systems, being used to send out more scams.
The scammers responsible are also targeting UK higher ed institutions, with a limited degree of success. I can't really speak for my US counterparts with regards the success of the attacks, but one would surmise that it's more or less the same. To paraphrase badly:
All users are gullible, but some are more gullible than others.
-g
As a US EDU, I can attest to the fact that a handful of our webmail accounts have been compromised and subsequently used to send out these types of phishing attacks. We never figured out how the accounts were compromised. I suspect users with hand-held devices are being snooped when they use IMAP. Our webmail is SSL, but not IMAP. Most of the spammers' messages appear as though someone is manually using their cut & paste to generate the spam, not anything automated (based on the rate messages go out. Seems rather tedious. matthew black e-mail postmaster network services california state university, long beach