kaida’s Blog

最近校内邮件系统连续有用户报告收到欺诈邮件,内容如下:

日期:     Sat, 07 Feb 2009 14:09:34 PST [2009年02月08日 06时09分34秒 CST]
发件人: SJTU MAIL MANAGEMENT <account.web2@live.com>
收件人: info@mail.lib.sjtu.edu.cn
主题:    上海交大邮件管理
邮件头: 显示邮件头
 
亲爱的上海交大电邮帐户所有者，
此消息是由上海交大邮件管理信息
中心对所有的电子邮件帐户的所有者。目前，我们正在
提升我们的资料库和电子邮件帐户center.We
正在删除所有未使用的电子邮件帐户，以创造更多的
空间的新帐户。

为了防止您的帐户关闭，您必须更新
在下面，这样我们也知道，这是目前使用
帐户。

确认您的电子邮件身份以下

电子邮箱用户名： ………. …..
电子邮件密码： …………….
出生日期： ……………..
替代电子邮件： ……….

警告！上海交大业主拒绝更新他或她
帐户后7天内将收到这样的警告
失去他或她的帐户永久。感谢您
了解上海交大邮件管理
 = = = = = = = = = = = = = = = = = = = =
使用了蹩脚的中文,估计是使用网上提供的自动翻译服务或相关软件翻的。发信者看来不懂汉语。
“网络钓鱼(Phishing)”作为一种网络诈骗手段，算不上新鲜事物，而且没有太多技术含量，主要是利用人们的心理来实现诈骗。不过这次使用中文也可以算是一个进步了。
可惜的是,这次又骗到了校内不少师生的帐号密码。

国外这种事情也不少见,下面是普渡大学一年前公布的一封欺诈邮件,和我们这次收到的内容完全一致,区别在是英文的。发信人是 account.upgrade@hotmail.co.uk,都是申请的免费信箱.
http://www.purdue.edu/securePurdue/news/detail.cfm?NewsID=195

From: accountupgrade@purdue.edu
Date: January 21, 2008 11:51:34 PM GMT-05:00
To: undisclosed-recipients:;
Subject: Verify Your Purdue Account Now
Reply-To: account.upgrade@hotmail.co.uk

Verify Your Purdue Account Now
Dear Purdue Account Owner,

This message is from Purdue messaging center to all Purdue email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all Purdue email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it’s a present used account.

***********************************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ……… …..
EMAIL Password : ……………
Date of Birth : …………….
Country or Territory : ………
***********************************************************

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Purdue!
Warning Code:VX2G99AAJ

Thanks,
Purdue Team
Purdue.edu BETA”

类似的还有很多,比如下面这个滑铁卢大学,也是  account.upgrade@hotmail.co.uk 发的
http://ist.uwaterloo.ca/security/vulnerable/20080403/20080122.html
Date: Tue, 22 Jan 2008 05:40:42 +0100 (CET)
From: accountupgrade@uwaterloo.ca
Reply-To: account.upgrade@hotmail.co.uk
To: undisclosed-recipients:  ;
Subject: Verify Your Uwaterloo Account Now

Verify Your Uwaterloo Account Now

Dear Uwaterloo Account Owner,

  This message is from Uwaterloo messaging center to all Uwaterloo email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all Uwaterloo email account to create more space for new accounts.

  To prevent your account from closing you will have to update it below so that we will know that it’s a present used account.

***********************************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ……… …..
EMAIL Password : ……………
Date of Birth : …………….
Country or Territory : ………
***********************************************************

  Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Uwaterloo!
Warning Code:VX2G99AAJ

Thanks,
Uwaterloo Team
Uwaterloo.ca BETA

下面这个是犹他州立大学的,
http://www.utahstatesman.com/campus_news/1.558220-1.558220

Phishing message targets USU webmail users Lindsay Anderson
Print this article
Share this article Published: Friday, January 25, 2008
Updated: Saturday, August 16, 2008

A phishing message asking USU Webmail users for their username and password arrived in an estimated 800 students’ inboxes Monday night.

“Phishing is the Internet term for an attempt to fool someone into thinking that the message or Web site is from an official source, when it’s really from the hacker, fooling them into providing private info to the hacker as a result,” said Bob Bayn, Information Technology security team coordinator for USU.

The message, a forgery from a computer in the Netherlands claiming to be “cc.usu.edu Team,” asked users to send their e-mail username and password to “account.upgrade@hotmail.co.uk” for the purpose of upgrading the database, Bayn said.

The IT security team sent out a notice about the e-mail Tuesday, warning students to not follow instructions and to immediately change their password if they did, Bayn said.

“In general, phishing is not structured like this,” Bayn said. “This one was obviously a lot more direct and low tech. They just said please e-mail us your username and password.”

Bayn said most phishing scams send someone to a forged Web site, where they will access an identical copy of a familiar Web page. When someone enters their information on the fake page, for example, when they try to log in, the hacker automatically obtains access to that information.

“They don’t have to fool very many people to get what they want,” Bayn said.

“This message appeared to be directed to USU, but it was structured in a way that they could easily adapt that message to someplace else as well,” he said.

“Organizations that use log-in credentials don’t, as a rule, do the same things legitimately that phishing messages do,” Bayn said. “If you get a request via e-mail for private information, you should be immediately suspicious.”

Typically, messages like this don’t make it past the USU spam filter system, as most of it is blocked before it makes it to the inbox, Bayn said.

“A spam-filtering system does not relieve people of having to worry about this,” he said. “It relieves people of the burden of receiving the bulk, but there are still things that come through. People still need to be Internet skeptics.”

-lindsay.anderson@aggiemail.usu.edu

kaida Work 1,102 views