ITS Homepage Click here for text version of ITS homepage University at AlbanyUAlbany Site IndexUAlbany Search
Information Security Home
Threat Matrix
Security Threats
System Alerts
Security Defenses
Best Practices
Technical Controls
 
Security Tools
Network Standards


 Phishing Phishing Samples

 robotIcon Bot/Bot Herd

 handClawIcon Hackers

 bombIcon Malware

 computerSafe Password Cracking

 rabbithaticon Social Engineering

 spyicon Spyware

 computerbombicon Viruses

Information Security
 

Confirm--Or Lose--Your Email Account

This message is very typical of phishing attempts to trick college and University members into revealing their account passwords.

From:ADMIN HELPDESK [mailto:adminhelpdesk10@gmail.com]

Check out the address that will receive your reply. As you can see, it has nothing to do with any University. It's hosted by gmail. But, in some cases you will see a From address that looks real as in the following example.

From: Online Services <onlineservices@albany.edu>

In this case, taken from a separate phish, the From: address looks like a real albany.edu account. In fact, if you tried to reply to this message, a separate, totally different address would appear in the To: field of your response. That's because the From address is not necessarily the address that will receive your reply. The real reply-to address can be hidden until you actually try to reply. But after deciding to respond, most people don't check to see if the addresses are, indeed, the same.

Sent: Friday, April 18, 2008 9:22 AM
Subject: VERIFY YOUR ALBANY.EDU EMAIL ACCOUNT NOW.

Dear albany.edu Email Account Owner,

This message is from albany.edu messaging center to all albany.edu email account owners. We are currently upgrading our data base and e-mail account center. We
are deleting all unused albany.edu email accounts to create more space for new accounts.

To prevent your account from being closed, you will have to update it below so that we will know that it's a present used account.

Poor English is another clue that this is not a legitimate request.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

As is the case with many phishing attempts, the element of urgency is introduced by threatening loss of service.

Thank you for using albany.edu
Warning Code:VX2G99AAJ

Phony "warning code" tries to make this phish sound legit.

Sara Andrews
albany.edu Team

Take a look at http://www.albany.edu/whois to see if "Sara Andrews" is a bonafide University employee.

http://www[dot]albany[dot]edu/

The live link to the actual Albany web page tries to lend an air of authenticity to the phish. If you go there, you will see nothing about the University sending an email asking for account passwords.
 

Glossary

 SiteMap