Why there's a bunch of spam from university webmail systems right now

You may have noticed that as of late there's a bunch of spam (usually advance fee fraud spam) coming from various university webmail systems. (When it has real IP origin information, it is often from the usual suspects.)

Until now, I thought that this was because spammers had worked out how to compromise webmail systems. It turns out that it is worse than that; phishers are specifically targeting universities. And these are not your run of the mill ordinary phish attacks, where you get email about your account at a bank you don't use in a country you don't live in. I'll quote (with permission) from Alex Nishri:

Since January there have been a series of attacks targeting Universities with custom phishing messages designed to steal userids and passwords. Once people respond with their userid and password, the phishers log on to the target University's webmail system and send out thousands of spam and phishing attack messages. Many Universities have been hit dozens of times.

The message content has been getting more and more customized. For example, it frequently uses the names of real people (e.g. apparently coming from the CIO or someone who heads a particular IT service), and copies the style of real broadcast messages. A common recent ploy is to say, "... although <university name> would not normally ask for passwords by e-mail, we have made a one-time exception to this policy in order to verify with certainty the identity of users ..."

Compromised accounts have been used for spam, and also probably have been resold for things like access to our library system's university-only online collection. The attacks have been very successful; such a phish message might go to 2000 people, and about 20 to 30 reply.

(I don't know about you, but a 1% success rate scares the heck out of me.)

There's a bunch of unpleasant implications of this. For me, the biggest one is that spammers have clearly determined that there is money to be made in these particular hills. (Actual money generally makes spammers especially ingenious and tenacious.)

These are my WanderingThoughts
(About the blog)

GettingAround
Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.

* * *

Atom feeds are available; see the bottom of most pages.

This is a DWiki.
(Help)

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Search:
Written on 09 April 2008.
(Previous | Next)
Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Wed Apr 9 23:35:47 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.