"New" e-mail phishing scam

Julian Field MailScanner at ecs.soton.ac.uk
Sat Feb 21 11:01:18 GMT 2009


This is called "spear phishing". We get it all the time and it's what my 
previous work will catch for you. Take a look in my Logbook at 
www.jules.fm and you'll see the article about it, along with all the 
code you need to stop these attacks.

Sorry to say this, but it's old news from what I can see.

On 20/2/09 22:54, James Gray wrote:
> http://isc.sans.org/diary.html?storyid=5905
>
> Nothing particularly novel about the approach, but instead of sending 
> out messages from a spoofed "known" domain (foo at yahoo.com 
> <mailto:foo at yahoo.com>, foo at gmail.com <mailto:foo at gmail.com> etc) the 
> phishers registered "email-helpdesk.com".  I've black-holed that 
> domain at the MTA.  Thought it was worth sharing :)
>
> Cheers,
>
> James

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list