Is it really necessary to warn people on this list that an email or any other communication, no matter how official-looking or where it appears to originate, requesting their credentials should be treated as phishing until proven otherwise?
Perhaps putting together a course with the basics could help...although I've seen a lot of people claiming to be security experts give really truly horrible advice based on voodoo and just plain silliness. "Change your password frequently" would be one example of such bad advice. Cheers, David. On Mon, Dec 06, 2010 at 08:20:56AM +0800, Harisfazillah Jamel wrote: > Assalamualaikum and salam sejahtera, > > carefull friends, this is a phishing email that want your Google > Account Password. > > > ---------- Forwarded message ---------- > From: Google_Data/[email protected] <[email protected]> > Date: Mon, Dec 6, 2010 at 4:14 AM > Subject: Very Important Updates > To: > > > We just need to verify your account before we can assure you of our > new webmail secure server system. > Account verification helps with preventing spam. Recovering account > access: we will use your information to verify your identity if you > ever lose access to your account. To prevent your account from > disability, you will have to provide your login details below for > verification and confirmation purpose on the new database system. > > Your User’s Name: > > Password: > > Current Country: > > Warning!!! Account owner that refuses to provide the full details > above within Seven days of receiving this warning will lose his or her > account permanently. > > For more information, please read our frequently asked questions. > The Google Team. > > --------- Email Header ----- > > > Delivered-To: [email protected] > Received: by 10.231.117.230 with SMTP id s38cs101391ibq; > Sun, 5 Dec 2010 12:14:41 -0800 (PST) > Received: by 10.150.219.3 with SMTP id r3mr4507084ybg.240.1291580080884; > Sun, 05 Dec 2010 12:14:40 -0800 (PST) > Return-Path: <[email protected]> > Received: from p3plwbeout13-03.prod.phx3.secureserver.net > (p3plsmtp13-03-2.prod.phx3.secureserver.net [173.201.192.166]) > by mx.google.com with SMTP id q23si10629692ybk.28.2010.12.05.12.14.40; > Sun, 05 Dec 2010 12:14:40 -0800 (PST) > Received-SPF: neutral (google.com: 173.201.192.166 is neither > permitted nor denied by best guess record for domain of > [email protected]) client-ip=173.201.192.166; > Authentication-Results: mx.google.com; spf=neutral (google.com: > 173.201.192.166 is neither permitted nor denied by best guess record > for domain of [email protected]) [email protected] > Received: (qmail 3898 invoked from network); 5 Dec 2010 20:14:40 -0000 > Received: from unknown (HELO localhost) (10.6.247.7) > by p3plwbeout13-03.prod.phx3.secureserver.net with SMTP; 5 Dec 2010 > 20:14:36 -0000 > Received: (qmail 5983 invoked by uid 99); 5 Dec 2010 20:14:36 -0000 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/html; charset="utf-8" > X-Originating-IP: 41.30.224.160 > User-Agent: Web-Based Email 5.2.41 > Message-Id: > <20101205131436.b72153d6b5f308abe9d0b44d8e1fb3cf.6e30167f44....@email13.secureserver.net> > From: "Google_Data/[email protected]" <[email protected]> > X-Sender: [email protected] > To: > Subject: Very Important Updates > Date: Sun, 05 Dec 2010 13:14:36 -0700 > Mime-Version: 1.0 > > > -- > I love Aardvark! Join my network so we can help each other out... > http://vark.com/s/foGQ > > My Facebook > http://www.facebook.com/linuxmalaysia > > My Blog > http://blog.harisfazillah.info/ > > My Network > http://www.facebook.com/Bukan.Sekadar.Internet.Sahaja > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 -- David Fetter <[email protected]> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: [email protected] iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
