nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T Midwest
| College phishing
This is an example of the new phishing that is being aimed mainly at college students.
Headers:
Message body:
--------------------------------
Dear EARLHAM.EDU Subscriber,
To verify your EARLHAM.EDU account, you must reply to this email
immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated
from our database.
You can also confirm your email address by logging into your EARLHAM.EDU
account at https://webmail.earlham.edu/squirrel/src/login.php
Thank you for using EARLHAM.EDU !
THE EARLHAM.EDU TEAM
--------------------------------
The URL in the email is safe, and appears to be the real webmail site at Earlham College. The "Return-Path:" and "From:" headers also appear to have addresses at Earlham, though I have not tested them.
The "Reply-To:" header is the suspicious one. If somebody responds to this by email they will be sending their college network password to the phisher.
Note: I am not at Earlham. I have no idea why I was targetted for this particular message.
Judging by experience at my own campus, the stolen information is used for spamming. The spammers use the password to login to the webmail site, then do an automated spam run via that webmail.
The phish email was sent via an ISP webmail interface, and possibly that was based on an earlier email phish.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.14 |
