Wandering Thoughts archives


Why there's a bunch of spam from university webmail systems right now

You may have noticed that as of late there's a bunch of spam (usually advance fee fraud spam) coming from various university webmail systems. (When it has real IP origin information, it is often from the usual suspects.)

Until now, I thought that this was because spammers had worked out how to compromise webmail systems. It turns out that it is worse than that; phishers are specifically targeting universities. And these are not your run-of-the-mill ordinary phish attacks, where you get email about your account at a bank you don't use in a country you don't live in. I'll quote (with permission) from Alex Nishri:

Since January there have been a series of attacks targeting Universities with custom phishing messages designed to steal userids and passwords. Once people respond with their userid and password, the phishers log on to the target University's webmail system and send out thousands of spam and phishing attack messages. Many Universities have been hit dozens of times.

The message content has been getting more and more customized. For example, it frequently uses the names of real people (e.g. apparently coming from the CIO or someone who heads a particular IT service), and copies the style of real broadcast messages. A common recent ploy is to say, "... although <university name> would not normally ask for passwords by e-mail, we have made a one-time exception to this policy in order to verify with certainty the identity of users ..."

Compromised accounts have been used for spam, and also probably have been resold for things like access to our library system's university-only online collection. The attacks have been very successful; such a phish message might go to 2000 people, and about 20 to 30 reply.

(I don't know about you, but a 1% success rate scares the heck out of me.)

There's a bunch of unpleasant implications of this. For me, the biggest one is that spammers have clearly determined that there is money to be made in these particular hills. (Actual money generally makes spammers especially ingenious and tenacious.)

spam/UniversityWebmailSpam written at 23:35:47
