Fake Banner Web phishing - "UREGNT: Phishing Alert"

 
From: [redacted] IT Alert <ithelp@[redacted].edu>
Date: Sat, Oct 26, 2013 at 6:23 AM
Subject: UREGNT: [redacted] Phishing Alert
 
 
Hello,
To secure our system and all employees details from all forms of cyber attacks and phishing threats following the latest compromise on our database yesterday, the IT Services and the Human Resources have unanimously agreed to immediately upgrade all employees details on our system to the latest OLTP Microsoft Server . Hence to secure your profile and details you are required to immediately upgrade to this platform.

It takes less than 2 minutes to update your profile. Follow the link below to have your details immediately upgraded:
 
http://secure.its.[redacted].edu/oltp-upgrade14.employeeHRMS/?cm=login <http://aktivmoto.ru/www.[redacted].eduHRMS.ITupdate/login/Login.htm>

This is mandatory, hence follow the instructions above.
Thank you,
IT Services & HR Management System

Redirects again to 



headers

Received: from xxxxxxxxxxxxxxxxxxx by na3sys009amx201.postini.com ([74.125.148.10]) with SMTP;
    Sat, 26 Oct 2013 04:49:55 PDT
Received: from webserver.1maxdns.com (HELO sun.newipdns.com) ([202.190.70.136])
  by xxxxxxxxxxxxx with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Oct 2013 07:49:31 -0400
Received: from max6782 by sun.newipdns.com with local (Exim 4.80.1)
    (envelope-from <max6782@sun.newipdns.com>)
    id 1Va1CX-0008Qf-TH
    for xxxxxxxxxxxxxxxx; Sat, 26 Oct 2013 18:34:37 +0800
To: xxxxxxxxxxxxxxxx
Subject: UREGNT: GWU Phishing Alert
X-PHP-Script: www.1maxhosting.com/system/downloads/pro.php for 192.210.200.146
From: [redacted] IT Alert <ithelp@[redacted].edu>
Reply-To: hulacyun1@gmail.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Va1CX-0008Qf-TH@sun.newipdns.com>
Sender:  <max6782@sun.newipdns.com>
Date: Sat, 26 Oct 2013 18:34:37 +0800

z

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.