2014.07.25: Phishing Attempt, "Re-Validate Your School Mail Box"

Over the weekend IT received numerous reports of a phishing attempt that landed in a large number of CalArts inboxes:

[Screenshot: forwarded "Re-Validate Your School Mail Box" message]

This message produced more "this doesn't look right" forwards to us than any other attempt that I'm aware of. From a security perspective, our community's reasonable skepticism is very encouraging to see, especially when it involves attempts like this.

As a matter of standard practice, CalArts IT will never ask for your password via email, and we encourage you to forward any suspicious-looking email (even from known senders or contacts) to us so we can either verify it as good or take appropriate actions to prevent security breaches.

Raw Email Data:

Delivered-To: *****@calarts.edu
Received: by 10.58.92.76 with SMTP id ck12csp91403veb;
Fri, 25 Jul 2014 21:31:14 -0700 (PDT)
X-Received: by 10.68.192.106 with SMTP id hf10mr23371323pbc.30.1406349074306;
Fri, 25 Jul 2014 21:31:14 -0700 (PDT)
Return-Path: <yz446@njit.edu>
Received: from psmtp.com (na3sys009amx187.postini.com [74.125.149.168])
by mx.google.com with SMTP id fw12si5556157pdb.511.2014.07.25.21.31.13
for <*****@calarts.edu>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 25 Jul 2014 21:31:14 -0700 (PDT)
Received-SPF: neutral (google.com: 74.125.149.168 is neither permitted nor denied by domain of yz446@njit.edu) client-ip=74.125.149.168;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 74.125.149.168 is neither permitted nor denied by domain of yz446@njit.edu) smtp.mail=yz446@njit.edu
Received: from mail-we0-f194.google.com ([74.125.82.194]) (using TLSv1) by na3sys009amx187.postini.com ([74.125.148.10]) with SMTP;
Sat, 26 Jul 2014 04:31:13 GMT
Received: by mail-we0-f194.google.com with SMTP id u56so1732721wes.1
for <*****@calarts.edu>; Fri, 25 Jul 2014 21:31:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:date:message-id:subject:from
:to:content-type;
bh=BUE5AjqtPpJIn5Y1Ic69pq8VmSHoKlJhSrdzqur0uqs=;
b=NyLLavJfeEzO91k8rh9/D8s3Xxsjt1r2zMXmiQZTFy3rQbLNtaQaiUVBvdFaOjD25C
T4SkZXcIy3/06UyJCGxprZ/P1D1wIZqq7Y7QK+Ig0ifw6OsnX/Ye3IpSyoSe7BWfrbaQ
4dvGUFvO5HiSHc71PT89N2Dzsee1NfG8XEBDYrX7LfEOUi1ahyeC3GGT9O02qMRcoivG
EZ87uhHZbKnfex7x3mlIMYrcQ5ERm7/JsakwGZ9vaI2HCZd7Qhos4q/iwfly4MqCf2Jq
aDkc9Nu2LXrP/Y7nJVmEXqWIkguBqxE/3Zg8xnu+m+7mI5qX6nHl2cdhZLAi/rPPW47y
+xGw==
X-Gm-Message-State: ALoCoQne2vycWvZox1oS4GYRg3PhYZcogTueY3feIjpzvjJtqRc9KPecANn2o7rByHrOGYOyiNTh
MIME-Version: 1.0
X-Received: by 10.180.96.97 with SMTP id dr1mr10810047wib.19.1406349062529;
Fri, 25 Jul 2014 21:31:02 -0700 (PDT)
Sender: yz446@njit.edu
Received: by 10.217.157.72 with HTTP; Fri, 25 Jul 2014 21:31:02 -0700 (PDT)
Date: Fri, 25 Jul 2014 20:31:02 -0800
X-Google-Sender-Auth: FCw_rzqgQDrc-Ls3cg4ufgHOEp8
Message-ID: <CAKpHbYC8q03HhhRmUEodVvE1LbVwGStu2JV-Fz1jK2r9YTLJ-Q@mail.gmail.com>
Subject: Re-Validate Your School Mail Box
From: "WEBMASTER I.T DESKTOP" <webmaster.master@outlook.com>
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=f46d041825944d71dd04ff112888
Bcc: *****@calarts.edu
X-pstn-dkim: 0 skipped:not-enabled

--f46d041825944d71dd04ff112888
Content-Type: text/plain; charset=UTF-8

I.T HELP-DESK
------------------------
Re-Validate- *< Click Here>>*

*NOTE:* That Failure to comply may result in the loss of your account
within the next 24 hours.

Signed By Webmaster.
*Maintained by the Technology Department. Copyright 2014.*

--f46d041825944d71dd04ff112888
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I.T HELP-DESK<br><div style=3D"font:13px arial,sans-serif;=
color:rgb(34,34,34);text-transform:none;text-indent:0px;letter-spacing:norm=
al;word-spacing:0px;white-space:normal">------------------------<br>=C2=A0R=
e-Validate-=C2=A0<span>=C2=A0</span><b style=3D"color:rgb(0,0,255)"><u><a s=
tyle=3D"color:rgb(17,85,204)" target=3D"_blank" rel=3D"nofollow">&lt; Click=
Here&gt;</a>&gt;</u></b></div>

<div style=3D"font:13px arial,sans-serif;color:rgb(34,34,34);text-transform=
:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:no=
rmal">=C2=A0=C2=A0<span> </span><br><u><span style=3D"color:rgb(255,0,0);fo=
nt-weight:bold">NOTE:</span></u><span>=C2=A0</span>That Failure to comply m=
ay result in the loss of your account within the next 24 hours.<br>

<br>Signed By Webmaster.<br><b>Maintained by the Technology Department. Cop=
yright 2014.</b></div></div>

--f46d041825944d71dd04ff112888--
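
The header fields in the raw data above can be checked mechanically. The following is an added example, not CalArts IT's own tooling: a Python triage function run over an excerpt of those headers (continuation line re-indented, body omitted). The function names and finding labels are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the headers shown above; recipient masked as on the page.
SAMPLE = """\
Delivered-To: *****@calarts.edu
Return-Path: <yz446@njit.edu>
Authentication-Results: mx.google.com;
 spf=neutral (google.com: 74.125.149.168 is neither permitted nor denied by domain of yz446@njit.edu) smtp.mail=yz446@njit.edu
Sender: yz446@njit.edu
Subject: Re-Validate Your School Mail Box
From: "WEBMASTER I.T DESKTOP" <webmaster.master@outlook.com>
To: undisclosed-recipients:;

body omitted
"""

def domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return {label: detail} for header inconsistencies in one raw message."""
    msg = message_from_string(raw)
    findings = {}
    from_dom = domain(msg["From"])
    # The envelope sender and Sender header should agree with the visible From.
    for name in ("Return-Path", "Sender"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings[name.lower()] = f"{other} does not match From domain {from_dom}"
    # Anything other than spf=pass means the sending host was not authorised.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    m = re.search(r"\bspf=(\w+)", auth, re.I)
    spf = m.group(1).lower() if m else "missing"
    if spf != "pass":
        findings["spf"] = f"SPF result is {spf}"
    # A help-desk notice addressed to nobody visible is a bulk Bcc pattern.
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        findings["to"] = "no visible recipient (bulk Bcc pattern)"
    return findings

if __name__ == "__main__":
    for label, detail in triage(SAMPLE).items():
        print(f"{label}: {detail}")
```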


Comments

  • Chandra Khan

    Thanks Cris
    This is really very helpful.

    Chandra
