SF University Falls Prey to Phishing Scam
Above 50,000 state students and faculty members of SF (San Francisco) State University have received fraud e-mails. The emails appear to be from the University officials and ask receivers to submit their personal information, according to university officials.
The University's (DoIT) Division of Information Technology has urged users not to respond back or submit their personal data to all these fraudulent emails.
Julianne Tolson, the Director of Web and user services, said that these fake emails are to be taken seriously and any data submitted to them would pose huge threat to confidentiality or financial status to the recipient. The spammer can use the email address to circulate more spam, as reported by SFSU on March 12, 2008
Though scams of phishing are not new concept, but targeting University students along with faculty members have increased in the month of February this year (2008). These attacks are often termed as "spear phishing."
On March 3, 2008, an email was sent to undisclosed recipients with subject heading "UPGRADE YOUR EMAIL ACCOUNT", from, "firstname.lastname@example.org". On March 7, 2008 another mail titled, "Accounts Review" was sent to all the members from the address email@example.com. Both the e-mails inquired the recipients for their personal information including Student I-D, Birth date country and passwords.
All the phishing e-mails pretend to be from a trusted source, administrators of the University's e-mail. The email asks the recipients to reply with details like their e-mail username and password. Apart from that, to make the mails look more convincing and true, the emails contained links to SF State Web pages, University logo, and sender addresses, which looks almost like legitimate accounts.
As per Mig Hoffman, the Information Security Officer, SF State, many of the email addresses are accessed from social networking Websites or other Websites where faculty members or students post information or email id's, for professional or personal work, as reported by Xpress on March 13, 2008.
Though University is raising awareness about phishing scams by sending text messages or through the login pages of the "SF State" Web portal, DoIT is also searching for new software that can intercept phishing e-mails efficiently.
Related article: SAP Admits the Charges of Downloading Oracle’s Data
» SPAMfighter News - 25-03-2008