Director's Blog
Spear phishing

September 23, 2008

Spear phishing

Filed under: tech — Tom Holub @ 4:10 pm

Everyone at Berkeley and at other universities is seeing more messages of this sort:

We are currently carrying-out a mentainace process to your berkeley.edu account, to complete this process you must reply to this email immediately, and enter your User Name here (———-) And Password here(———-)  if you are the rightful owner of this account.
This process we help us to fight against spam mails.Failure to summit your password, will render your email address in-active from our database.

You can also confirm your email address by logging into your account at:https://calmail.berkeley.edu/

NOTE: You will be send a password reset messenge in the 48Hrs working days after undergoing this process for security reasons.
Your response should be sent to admin manager
Email: customer.careservice@live.com

Thank you for using berkeley.edu!
THE BERKELEY.EDU TEAM

As you’re probably aware, this message was not sent by anyone at Berkeley; it is an attempt at “spear phishing”–targeted messages sent to specific populations to attempt to trick them into giving up information they shouldn’t, such as credit card numbers, social security numbers, or account passwords.  In this case, the phisher (who appeared to be located in Singapore) figured out the URL of our webmail interface, and a couple of other details about the campus environment, to try to make the message more convincing.  Usually a few people get caught every time the phishers change tactics.  Typically what they’ll do is use the compromised password to send more phishing messages and a ton of spam.

The setup at Calmail does a pretty good job of blocking these messages, but because the messages keep changing, and can come from anywhere on the planet, there is always a window of vulnerability when the phishers come up with something new.

Remember:

  • Never send your bank account or Social Security number through email
  • System administrators will never ask you for your password through email.  If you get a request for your password, you should know it’s bogus.
  • If you get a questionable message, check out the From: and the Reply-To: addresses.  Phishers will try to disguise the message to make it look like it’s coming from a local person, but if you look closely you’ll see that you’re responding to someone in another country or at a yahoo.com address.

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Comments are moderated - if this is your first comment, it will not appear until it has been approved by a site editor.

Posts and comments on this blog are the opinions of their authors, and do not necessarily represent the opinions of LSCR, the College of Letters & Science, or the University.