September 15, 2009
A large scale spam attack on Case mailing lists was successfully perpetrated in the early morning hours today. It appears that a Case user had their userID and password phished, and the attackers used the stolen credentials to launch a spam attack, with "Mailbox Upgrade" in the subject line and "...from our Helpdesk Team" in the message, which included a link to another phishing site.
Unfortunately, the spam also included the user's name as the sender's signature, and in the from: field.
If you mistakenly clicked on the phishing link, you should have received a message about this being a suspected phishing site.
This event highlights the need for end users to be extremely conscious of fraudulent communications. The university receives regular phishing attacks, but the magnitude is amplified when a single user is phished, and that user's account is used as the source of more spam and phishing messages.
Posted by Thomas Siu at 09:58 AM