Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Why go high-tech?

Published: 2008-06-17
Last Updated: 2008-06-17 17:09:50 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)

We received a report today from an EDU that received hundreds of undeliverable notices from other EDU domains.  Their "helpdesk" email box had been used as the spoofed from address in a simple "ask for the user's password to avoid account closure" attempt to gather email account passwords from unsuspecting college students.  But instead of going to a website, user is just supposed to send the account details to an email address at the bottom of the page.  Turns out that a couple of them replied with their account details to the EDU, instead of the attacker.  It is somewhat of a catch-22 for the attacker - use a more official "from" address and user is more likely to reply; but the same user is likely not to follow the directions at the bottom of the message stating send your reply to 

The story reminds me of "stupid criminal" stories.  But on the Internet, there is less chance of getting caught and more likelihood that someone will fall for the attack.

Keywords: lowtech phishing
0 comment(s)
Diary Archives