July 23, 2008

Worst phishing scam ever!

Got this message in my inbox yesterday:

This is to formally notify you that we are presently working on the Carleton webmail, and this can close your webmail account with Carleton completely.

To avoid this, please send your surname and password to Carleton Webmail Care on: carletonwebmailcare@webmail.co.za

Please do this, so that your Carleton webmail Account can be protected from being close.

Your immediate response is highly needed.


Customer Care Service.


  • It was apparently sent from a Verizon emall account named "CARLETON WEBMAIL CARE," but the supposed sender's initials and last name appear in he email address proper.
  • IT admins at Carleton University don't need to send admin messages from Verizon accounts.
  • Verizon doesn't even operate in Canada.
  • The Reply-To: address in the headers is to a webmail account in South Africa (the same one that appears in the message body). I'm pretty sure that if Carleton doesn't need Verizon for email access, they definitely don't need the equivalent of a South African Hotmail account.
  • Although my email account at the National Capital FreeNet is based at Carleton  University (where the mail servers are housed), I don't have a "Carleton webmail account."
  • Admin-type broadcast messages typically tell you why, when, and how long they plan to "work on" the system, so that people who rely on the service have prior warning, e.g. "The Network Gods will be performing scheduled maintenance to the webmail server on Friday, July 25 at 5 pm. This software upgrade is expected to last for about two hours. During this time, your account will not be accessible. We apologize for the inconvenience."
  • Thanks to such routine precautions as redundant systems and regular backups, the possibility of my account being "closed" "completely" due to "work" is basically nil.
  • Obviously, in the unlikely event of an unintentional hosing of the mail server, the powers-that-be do not need my "surname and password" in order to restore the system from a previous backup.
  • While IT professionals are not always the most literate folks, I've never seen a broadcast message so poorly written. I don't want my account protected from being "close." I like it nearby, where it belongs.
  • A large Canadian university doesn't have "Customer Care Service."

So, needless to say, I wasn't particularly fooled. This was a more transparent attempt to phish for my personal info than the usual bank/eBay/PayPal scams you see, and those are pretty obvious too.

But unless it's a coincidence that someone else was running a more sophisticated phishing scam at the same time, someone was fooled:

The e-mail system at an Ottawa university was crippled this week by cyber criminals who tricked a user into providing access to a university e-mail account.

The system at Carleton University is now back to normal, Ralph Michaelis, the chief information officer at the university's department of computing and communications services, said Wednesday.

Earlier in the week, the criminals used a university e-mail account to send out tens of thousands of spam e-mails, clogging the system and forcing users to wait up to five minutes to send or receive e-mail, Michaelis said.

Which only goes to show that there's no trick in the book so old that it won't catch a new fish.