

leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6
Reviews:
·SONIC.NET

reply to dsilvers

Re: Phishing from an AZ .gov address?

said by dsilvers:


Your hunch is likely correct: Appears to be from 159.36.7.43 Arizona Department of Health Services.

Actually, if the headers aren't forged, then the email originally came from 159.36.7.40 (HSPHXMEXMB01.hs.azdhs.gov) and was relayed by 159.36.7.43 (hsphxmcas02.hs.azdhs.gov) and 159.36.129.203 (smg0.hs.azdhs.gov / securemail3.azdhs.gov).

The fact that the hostname HSPHXMEXMB01 also appears in the message ID and MIME multipart separator means either the headers are valid or someone made an above-average effort at faking them.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!
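
The check leibold describes, as an added example that is not part of the original posts: read the Received chain oldest-first and test whether the first hop's hostname also appears in the Message-ID and the MIME boundary. Only the hostnames and IPs come from the thread; the Message-ID, boundary, dates, the receiving host `mx.example.net` and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: hostnames/IPs are from the thread, everything else is made up.
SAMPLE = """\
Received: from smg0.hs.azdhs.gov (securemail3.azdhs.gov [159.36.129.203])
\tby mx.example.net with ESMTP; Mon, 01 Jan 2001 00:00:03 +0000
Received: from hsphxmcas02.hs.azdhs.gov (159.36.7.43)
\tby smg0.hs.azdhs.gov with ESMTP; Mon, 01 Jan 2001 00:00:02 +0000
Received: from HSPHXMEXMB01.hs.azdhs.gov ([159.36.7.40])
\tby hsphxmcas02.hs.azdhs.gov ([159.36.7.43]) with mapi; Mon, 01 Jan 2001 00:00:01 +0000
Message-ID: <0123456789ABCDEF@HSPHXMEXMB01.hs.azdhs.gov>
Content-Type: multipart/alternative;
\tboundary="_000_0123456789ABCDEFHSPHXMEXMB01hsazdhsgov_"
Subject: constructed example

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)", re.I)   # "from <name> (<comment>)"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_chain(raw):
    """Return [(name, ip), ...] oldest hop first.

    Each relay prepends its Received line, so the bottom one is the earliest.
    Hops below the first server you control can be forged by the sender.
    """
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            ip = IPV4.search(m.group(2))
            hops.append((m.group(1), ip.group(0) if ip else None))
    return hops

def origin_consistency(raw):
    """Does the first hop's short hostname recur in Message-ID and MIME boundary?"""
    msg, hops = message_from_string(raw), received_chain(raw)
    if not hops:
        return None
    host = hops[0][0].split(".")[0].lower()
    msgid_host = msg.get("Message-ID", "").rpartition("@")[2].strip("> ").lower()
    boundary = (msg.get_boundary() or "").lower()
    return {"origin": hops[0],
            "in_message_id": msgid_host.split(".")[0] == host,
            "in_boundary": host in boundary}

if __name__ == "__main__":
    print(received_chain(SAMPLE), origin_consistency(SAMPLE), sep="\n")
```

Agreement across all three fields supports the headers being genuine but does not prove it, which is the same either/or the post states.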

dsilvers

join:2009-05-17
Canyon Lake, TX

My bad, you are correct, all those IP numbers belong to Arizona department of health.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

reply to leibold

said by leibold:

The fact that the hostname HSPHXMEXMB01 also appears in the message ID and MIME multipart separator means either the headers are valid or someone made an above-average effort at faking them.

That name almost certainly identifies a specific computer at AZ-DHS.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:8

I called their general intake line, and asked to be transferred to someone in IT to report phishing from one of their employees, and they instead transferred me to the employee in question(!!), who was rather embarrassed, and said I was probably the third person today to contact her and let her know her computer was infected.

She seemed sure it wasn't a virus, but it sounded like she was a rather typical, non-technical user, so I can only hope AZDHS is professional enough to be monitoring their own network.

You would think it would be easy enough for local law enforcement to subpoena the email address listed as the POC for the scam and go from there, but what do I know... I guess Sheriff Joe has other, more important priorities right now.
--
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

This is better in scams and phishbusters. Maybe MGD can take a crack at it.
--
* seek help if having trouble coping
--Standard disclaimers apply.--



Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:8

Not sure what there is to crack, I'm willing to bet the State of AZ has all sorts of nasty viruses flying around its network.
--
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.



goalieskates
Premium
join:2004-09-12
land of big

reply to AVD

I'm happy with it being here. It's a reminder that government entities can pose as much security risk to users as anyone else, if not more.

A sad reminder, at that.


© 1999-2013 dslreports.com.