Phishing email from a REAL .gov.za?

Mr Scratch

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,872
Reaction score
1,040
Hello,

I received the usual morning phishing emails like any other day, but today I saw one from "[email protected]" that somehow got past my filter. Ok so maybe it's a spoofed gov address that somehow managed to sneak its way in? I checked the headers and found the following:

Message ID <[email protected]>
From: Naomi Nthutang <[email protected]>Using Novell GroupWise Internet Agent 12.0.4
To: [email protected]
SPF: PASS with IP 196.15.218.221

Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of [email protected] designates 196.15.218.221 as permitted sender) [email protected]

Received: by mail1.nwpg.gov.za (Postfix, from userid 1999) id 466668E0E3C; Fri,

Received: from NWPGDOa-MTA by webmail.nwpg.gov.za with Novell_GroupWise; Fri, 14 Oct 2016 06:04:47 +0200

X-Mailer: Novell GroupWise Internet Agent 12.0.4
Click to expand...

In the attachment, which was designed to resemble the login screen of a popular email service, I found some metadata the ****wit didn't remove:

=09<META NAME=3D"GENERATOR" CONTENT=3D"LibreOffice 4.0.2.2 (Linux)">
=09<META NAME=3D"AUTHOR" CONTENT=3D"Thys Beer">
=09<META NAME=3D"CREATED" CONTENT=3D"20130612;15581400">
=09<META NAME=3D"CHANGEDBY" CONTENT=3D"Thys Beer">
=09<META NAME=3D"CHANGED" CONTENT=3D"20130904;11253200">
Click to expand...

I found this: https://webmail.nwpg.gov.za/gw/webacc

Anyone know where I can report this? Seems like this mail account was compromised by someone.
 
There has been several governent hacks the last while with details exposed. Im sure its quite common these days as most of the systems I know of are in a terrible state.
 
If it is government then the best place to report would probably be SITA.
 
Sinbad said:
jesus who still uses groupwise
Click to expand...

most government offices.

We have only now moved over to hosted exchange.

Novell for login till some idiot at National Office wakes up and rolls out the MS servers that have been standing there for the last 2 years...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X