Educause Security Discussion mailing list archives
Re: Survey sites used for Phishing attacks
From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Wed, 20 Oct 2010 16:09:51 -0400
We're staring to see this in the phishing campaign emails we receive: Shortened_URL_Service_A -> Shortened_URL_Service_B -> ... -> Compromised site hosting credential harvesting form -OR- Legitimate survey / form site. In the latest, the phisher/spammers (phammers?) even went through the trouble of branding the email. On 10/19/2010 6:57 PM, Philip Webster wrote:
On 20/10/10 2:39 AM, Chris Green wrote:I’ve seen an increasing number of these of late and they are a pain to deal with, especially if you take the IP based approach when responding. Even URL-based ones can be of limited use since the actual form can change so often. On a related note, I’ve been trying to look at encryption portal/email solutions so you can transport messages in an encrypted fashion without needing to deploy PKI. Net result: You send out emails that instantly ask people to click on something and enter a password. ;-)Our email team found one over the weekend -- phishing hosted by a survey/form site, link-shortening service used. After two quick emails the phishing site was taken down and the shortened link was pointing at a phishing awareness site, both voluntary actions by the respective owners. No blocking needed at our end in this case. Cheers Phil
-- - Anthony Maszeroski, CCNA, CISSP ----------------------------------- Information Security Manager The University of Scranton email : maszeroskia3 () scranton edu phone : 570-941-4226 -----------------------------------
Current thread:
- Survey sites used for Phishing attacks Ram Smith (Oct 17)
- Re: Survey sites used for Phishing attacks Greg Russo (Oct 18)
- Re: Survey sites used for Phishing attacks Chris Green (Oct 19)
- Re: Survey sites used for Phishing attacks Philip Webster (Oct 19)
- Re: Survey sites used for Phishing attacks Anthony Maszeroski (Oct 20)
- Re: Survey sites used for Phishing attacks Chris Green (Oct 19)
- Re: Survey sites used for Phishing attacks Greg Russo (Oct 18)