Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Why go high-tech? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Why go high-tech?

We received a report today from an EDU that received hundreds of undeliverable notices from other EDU domains.  Their "helpdesk" email box had been used as the spoofed from address in a simple "ask for the user's password to avoid account closure" attempt to gather email account passwords from unsuspecting college students.  But instead of going to a website, user is just supposed to send the account details to an email address at the bottom of the page.  Turns out that a couple of them replied with their account details to the EDU, instead of the attacker.  It is somewhat of a catch-22 for the attacker - use a more official "from" address and user is more likely to reply; but the same user is likely not to follow the directions at the bottom of the message stating send your reply to xyz@attacker.com. 

The story reminds me of "stupid criminal" stories.  But on the Internet, there is less chance of getting caught and more likelihood that someone will fall for the attack.

Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!