I came across this phish the other day and it is quite compelling. It seems that resorting to sarcasm is the latest social engineering attack for luring users into supplying their credentials:
Do you think we are joking, the username and password which you provide is not correct, we are contacting you to inform you that your <domain> mailbox has exceeded to 90% of its quota. And when it reaches 100%, new messages will be rejected and bounce back to the sender. To avoid missing mail, please keep your mailbox at a reasonable size. Fill the below: provide the below completely and correctly, because the info you provide to us we can’t reset your <domain> because is not the correct info. Note we are contacting you for the last time.
User name:
Password:
Retype Password:
Date of Birth:
The reply-to email address was obviously not from within the organisation. I am pleased to say that no Otago users responded.
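The two signals visible in this message, a reply-to address outside the organisation and a blank credential form in the body, can be checked automatically at the mail gateway. The following is an added example, not part of the original post; the `example.org` domain, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAIN = "example.org"  # assumption: placeholder for the organisation's mail domain

# A line that is only a field label, left blank for the recipient to fill in.
BLANK_FIELD = re.compile(
    r"^[ \t]*(user ?name|retype password|password|date of birth)[ \t]*:[ \t]*$",
    re.IGNORECASE | re.MULTILINE)

def is_internal(address, org_domain=ORG_DOMAIN):
    """True only for the organisation's domain or a subdomain of it."""
    _, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    return bool(at) and (domain == org_domain or domain.endswith("." + org_domain))

def phish_indicators(raw_message, org_domain=ORG_DOMAIN):
    """Return findings for one message: external Reply-To, blank credential form."""
    msg = message_from_string(raw_message)
    findings = []
    reply_to = [addr for _, addr in getaddresses(msg.get_all("Reply-To", [])) if addr]
    external = [addr for addr in reply_to if not is_internal(addr, org_domain)]
    if external:
        findings.append("reply-to outside organisation: " + ", ".join(external))
    body = ""
    for part in msg.walk():  # a non-multipart message yields itself
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    fields = sorted({m.group(1).lower() for m in BLANK_FIELD.finditer(body)})
    if fields:
        findings.append("blank credential fields: " + ", ".join(fields))
    return findings

# Constructed samples modelled on the message quoted above; addresses are placeholders.
SAMPLE_PHISH = (
    "From: IT Helpdesk <helpdesk@example.org>\n"
    "Reply-To: quota-team@mailbox-upgrade.example\n"
    "Subject: Mailbox at 90% of quota\n\n"
    "Your mailbox has exceeded 90% of its quota. Fill the below:\n"
    "User name:\nPassword:\nRetype Password:\nDate of Birth:\n")
SAMPLE_BENIGN = (
    "From: Colleague <colleague@example.org>\n"
    "Reply-To: colleague@staff.example.org\n"
    "Subject: Vault access\n\n"
    "Password: stored in the team vault, ask me for access.\n")

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, phish_indicators(raw))
```

The domain comparison is suffix-aware, so a lookalike such as `example.org.mail.example` is treated as external rather than matched on a substring.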