Educause Security Discussion mailing list archives

Re: .edu email phishing

From: Jimmy Kuo <cjkuo () VERIZON NET>
Date: Tue, 1 Apr 2008 12:17:07 -0700

Caltech one came through tortellini.noc.ucla.edu [169.232.48.27] from
216.250.221.147.

----- Original Message -----
From: "Joe St Sauver" <joe () OREGON UOREGON EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, April 01, 2008 12:04 PM
Subject: Re: [SECURITY] .edu email phishing

Hi Timothy,

#Ha!  Just found one with "UPDATE YOUR EMAIL ACCOUNT" in the subject from
=
#"educationalwebmaster75 () yahoo com" routed through uoregon.edu,
#128.223.142.41.
#
#Anyone from uoregon on this list?

<waves from Eugene> :-)

Could you send me a copy off list with full headers please? I'll be happy
to bring it to the attention of the right folks locally (128.223.142.41 is
one of our main mail servers, and determining where the message came from
behind that will require review of the messsage Received headers to
determine if it was a locally compromised user, someone forwarding their
mail, traffic on a mailing list, etc.)

Thanks,

Joe St Sauver (joe () oregon uoregon edu)
http://www.uoregon.edu/~joe/

Current thread:

.edu email phishing Jimmy Kuo (Apr 01)
- <Possible follow-ups>
- Re: .edu email phishing Rick Holland (Apr 01)
- Re: .edu email phishing Logan, Kimberly (loganks) (Apr 01)
- Re: .edu email phishing Winders, Timothy A (Apr 01)
- Re: .edu email phishing Joe St Sauver (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Winders, Timothy A (Apr 01)
- Re: .edu email phishing Kees Leune (Apr 01)
- Re: .edu email phishing Jimmy Kuo (Apr 01)
- Re: .edu email phishing Brewer, Alex D (Apr 01)
- Re: .edu email phishing Lesli Sagan (Apr 01)
- Re: .edu email phishing Michael Behun (Apr 01)
- Re: .edu email phishing Zach Jansen (Apr 01)
- Re: .edu email phishing Dick Jacobson (Apr 02)
- Re: .edu email phishing Theresa Semmens (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)

(Thread continues...)