FYI...

- http://isc.sans.org/diary.html?storyid=3917
Last Updated: 2008-02-01 03:58:06 UTC - "We’ve had a few reports of Universities/Colleges being hit with some very targeted emails trying to get the userid and password of students. The email is usually along these lines:

Subject VERIFY YOUR xxxxxx EMAIL ACCOUNT NOW

Dear xxxxx Email Account Owner,

This message is from xxxxx messaging center to all xxxxx email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused xxxxx email account to create more space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.
Thank you for using xxxxxx!
Warning Code:VX2G99AAJ

Thanks,

Xxxxx Team

The sender will be often be xxxxxteam @ isp used to send msg or uni address. The reply address will be external to the organization. In the sample we have it is usxxxxxxcountupgrade @ live.com. (where xxxxx is the domain name used by the institution, without the .edu). The message often passes through some SPAM filters due to the relatively low volume of messages. If you have some samples we’d be interested in a copy. Look for messages to multiple recipients and increased volume of internal email to one specific external address... educate your students."

This article on Spear Phishing needs to go on the Front Page at CCSP.

DONE!

FYI...

- http://www.securityfocus.com/news/11504
2008-02-01 - "In an ongoing attack, students and faculty at nearly a dozen universities and colleges have been targeted by phishing e-mails since the middle of January. The e-mail messages masquerade as missives from each school's help desk, asking that the student confirm their uname and password as well as requesting more personal information, including date of birth and country of origin... Schools targeted include Columbia University, Duke University, Princeton University, Purdue University, and the University of Notre Dame. The e-mail accounts of students and faculty that fall prey to the fraud are used, in most cases, to send out further spam as part of a lottery scam, Pearson and IT administrators stated. The attack may have already hit European schools earlier in the month, one university IT administrator stated on a security mailing list... Phishing attacks targeted at a specific subset of people, while fairly common in the corporate world and against banking customers, have not often been used against students. Princeton and other schools sent out warnings to their students and faculty about the attacks and stressed that users should never give out sensitive information or passwords to other people..."

.

/a6873-Universities_in_the_US_being_targeted_in_a_Spear_Phishing_attack.html

GO THERE.