Go Phish

I work on a University Help Desk and you’d think our users would be at least slightly smart.. Below is an email I sent out to all users following a phishing scam and afterwards is a reply from a researcher.

From: Helpdesk
Sent: 31 August 2010 09:13
Subject: Email phishing scam
 
Dear all,
 
The following current scam is being delivered to many email addresses – and we know of at least 2 accounts that have been subsequently hacked and used in turn to send spam.
 
Information Services will be reporting this to Message Labs (the company that provides our spam filter) first thing this morning.
 
Subject: Dear Webmail User
 
This is to complete your account verification process of the
past year for the maintenance of your Webmail account. You
are required to respond to this message and enter your ID
and PASSWORD space (*******). You should do so before the
next 48 hours of receipt of this email, or your account will
be deactivated and deleted from our database.
 
Full Name:
WebmailUser ID:
WebmailPassword:
Confirm Password:
Date Of Birth:
 
Your account can also be
monitored;
 
Copyright© , 2010
 
You are advised to ignore and delete this message. If you have inadvertently given your account details, you are advised to change your password as soon as possible.
 
Thanks,
Helpdesk

And the reply:
From: [User]
Sent: 02 September 2010 03:21
To: Helpdesk
Subject: RE: Email phishing scam
 
Dear
 
I cann’t understand , what do you mean about this e_mail but anyway  I send for you all information which you need.
 
FULL NAME : [Her full name was here]
MY ID :[Her ID was here]
PASSWORD:[Her completely unsecure password which was her name followed by a couple numbers was here]
D.O.B :[Her date of birth was here]
 
Thanks
[User]
Head. Against. Desk.

[Picture Source = ivanpw (CC)]

  • DohMastah

    But the guy had a really trustworthy face!

  • Jonathan Windham

    what a moron, forward that to her boss. Or if you are feeling evil go BOFH style, log into her email and have fun with blackmail material,account numbers etc.

  • Anonymous

    1) I had a brief stint in academia, and have done UI work for systems for researchers.  Never mistake an over-abundance of education for intelligence.

    2) Also, you would think people who work for an Internet development company would be smart.  I worked in one when the “ILoveYou” virus exploded in May 2000 – since it initially targeted things like JPG, CSS, MP3 and the like, it ate through our system almost immediately when the more business-minded part of our staff opened up the one of the messages and clicked on the attachment.  (DUH.)

    We had a special emergency all-hands meeting, detailing the problem and pretty much telling us to stop work on everything immediately so IT could remove the virus and use our previous night’s backups could be used to clean things up.  Our tech team worked almost non-stop for 36 hours to eradicate it from our system (I wasn’t tech support anymore, but as a former rep, I went around my large department, identified the infected computers, and plugged up the obvious security holes).  Another all-hands meeting was held to discuss what happened, and to point out what virus mails looked like so this wouldn’t happen again.

    So what happens the first day we’re allowed back on our systems?  After all the education and warning, work stoppage and national news coverage?  Three separate PM’s opened the mail and clicked on the attachment because it was sent to them from friends outside the company.  They didn’t stay employed with us for much longer.