Password Phishing - IT-service Desk

From: [redacted] <[redacted]@camosun.bc.ca>
Date: Tuesday, September 30, 2014
Subject: IT-service Desk
To: "info@domains.org.tg" <info@domains.org.tg>


Your password expires in 4 days Staff and Faculty Click Here to validate your e-mail and password

IT-service Desk
Faculty/Staff/Administrator


Nigerian 419 scam - CONGRATULATIONS!!!

From: Google Inc <sergeybrin@gpawardprom.com>
Date: Sat, Sep 27, 2014 at 4:33 PM
Subject: CONGRATULATIONS!!!

To: [redacted]

Dear Google User,

We wish to congratulate you for being selected as a winner in the 2014 Electronic Online Sweepstakes, you have been selected for your active use of Google online services.
Kindly, find attached email (PDF File) with further instructions.


Mr. Sergey Mikhaylovich Brin,
Claims Administrator,
Google Inc(UK)






Password theft - Library Account Access

From: [redacted]
Date: Thu, Sep 25, 2014 at 2:08 PM
Subject: Library Account Access


Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

https://www.aladin.wrlc.org/Z-WEB/PATPage_req=main_hgrqlq3guQGSvmr6HfYgLxLl7OaotK2tqF3jXmjsQBNmMZ6oOm7xddToF0IZuy5aotK2tktvsUZqXp432csrP2pNl9Y8piddToF0IZuy5OaxADzVs1gFMYIEjm8aLh5JLT=dymyJ7x0WuoqEBv0LGTB4VF3jXmjsQBN/

If you are not able to login, please contact Library Services Manager at jharris@gwu.edu.

Sincerely,

[redacted]
Library Services Manager
Access and Delivery Services
Estelle and Melvin Gelman Library
George Washington University

The phishing URL redirects to
http://www.aladin.wrlc.org.seae.tk/Z-WEB/PATPage_req=main_hgrqlq3guQGSvmr6HfYgLxLl7OaotK2tqF3jXmjsQBNmMZ6oOm7xddToF0IZuy5aotK2tktvsUZqXp432csrP2pNl9Y8piddToF0IZuy5OaxADzVs1gFMYIEjm8aLh5JLT=dymyJ7x0WuoqEBv0LGTB4VF3jXmjsQBN/

After the login compromise, it redirects to the legitimate World Library Services Page at https://www.aladin.wrlc.org/Z-WEB/PATLogon