case western reserve university



Successfully Phished Account Spawns Spam Attack

September 15, 2009

A large scale spam attack on Case mailing lists was successfully perpetrated in the early morning hours today. It appears that a Case user had their userID and password phished, and the attackers used the stolen credentials to launch a spam attack, with "Mailbox Upgrade" in the subject line and "...from our Helpdesk Team" in the message, which included a link to another phishing site.

Unfortunately, the spam also included the user's name as the sender's signature, and in the from: field.

If you mistakenly clicked on the phishing link, you should have received a message about this being a suspected phishing site.

This event highlights the need for end users to be extremely conscious of fraudulent communications. The university receives regular phishing attacks, but the magnitude is amplified when a single user is phished, and that user's account is used as the source of more spam and phishing messages.

Posted by Thomas Siu at 09:58 AM

Powered by
Movable Type

Site Last Updated: Friday December 17, 2004 at 17:55:51