On Mon, 9 Feb 2009, Will Fiveash wrote:

> From: Will Fiveash <[email protected]>
> To: Tom Yu <[email protected]>, Ken Raeburn <[email protected]>
> Cc: MIT Kerberos Dev List <[email protected]>,
> MIT Kerberos List <[email protected]>
> Date: Mon, 9 Feb 2009 22:37:36 -0600
> Subject: MIT e-mail phish attempt
>
> Just got the attached e-mail (which I bzip2ed) that contained:
>
> Date: Mon, 09 Feb 2009 23:23:12 -0500 (EST)
> From: MIT Support Team <[email protected]>
> Subject:
> To: undisclosed-recipients: ;
>
> Dear mit.edu User,
>
> Your email account has been used to send numerous Spam mails recently from
> a foreign IP. As a result, the mit.edu has received advice to suspend your
> account. However, you might not be the one promoting this Spam, as your
> email account might have been compromised. To protect your account from
> sending spam mails, you are to confirm your true ownership of this account
> by providing your original username (*******) and PASSWORD (*******) as a
> reply to this message. On receipt of the requested information, the
> "mit.edu" web email support shall block your account from Spam.
>
> Failure to do this will violate the mit.edu email terms & conditions. This
> will render your account inactive.

This is a very common attack against usernames/passwords. We, and
others, are seeing a lot of these. Usually the Reply-To address is
set to a separate account used to capture account details from the
reply. See:

http://code.google.com/p/anti-phishing-email-reply/

for a project which targets the Reply-To address. I also believe the
Sanesecurity anti-phishing signatures at:

http://www.sanesecurity.com/

will defend against some of these attacks.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[email protected]               Phone: +44 1225 386101
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
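
Added example, not part of the original thread and not code from either project mentioned: a small Python check for the pattern described in the reply above, where replies are steered to a capture account. The sample messages, every address in them, and the `KNOWN_BAD_REPLY` blocklist are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed samples; every address below is made up for this example.
SAMPLE_PHISH = """\
From: MIT Support Team <support@mit.example>
Reply-To: mit.support.team@webmail.example
Subject: account notice

Confirm ownership of this account by providing your username and
PASSWORD as a reply to this message.
"""
SAMPLE_BENIGN = """\
From: Help Desk <helpdesk@mit.example>
Reply-To: helpdesk@mit.example
Subject: Scheduled maintenance

Webmail is offline Saturday. Never reply to any mail with your password.
"""

KNOWN_BAD_REPLY = {"mit.support.team@webmail.example"}  # hypothetical local blocklist
CREDENTIAL_ASK = re.compile(r"\b(password|passwd|username)\b", re.I)
REPLY_ASK = re.compile(r"\b(reply|respond)\b", re.I)

def _addrs(msg, header):
    pairs = getaddresses(msg.get_all(header, []))
    return [addr.lower() for _, addr in pairs if "@" in addr]

def reply_capture_findings(raw):
    """Return the reasons a message looks like a credential-by-reply phish."""
    msg = message_from_string(raw)
    senders = _addrs(msg, "From")
    # Replies go to Reply-To when it is present, otherwise to From.
    targets = _addrs(msg, "Reply-To") or senders
    body = " ".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")
    findings = []
    if any(t in KNOWN_BAD_REPLY for t in targets):
        findings.append("reply-address-blocklisted")
    sender_domains = {s.rsplit("@", 1)[1] for s in senders}
    if any(t.rsplit("@", 1)[1] not in sender_domains for t in targets):
        findings.append("reply-to-domain-differs-from-from")
    if CREDENTIAL_ASK.search(body) and REPLY_ASK.search(body):
        findings.append("asks-for-credentials-by-reply")
    return findings

def is_suspect(raw):
    # A blocklist hit is enough; otherwise require two independent signals.
    found = reply_capture_findings(raw)
    return "reply-address-blocklisted" in found or len(found) >= 2
```

The two-signal rule keeps a legitimate warning that mentions passwords and replies from being flagged on wording alone.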
