Phishing Scam Jolts The Ohio State University

An e-mail scam has made headways into The Ohio State University's (OSU) Webmail system taking over computers of both faculty and students and filling their mailboxes with junk e-mails, as reported by nbc4i on March 26, 2008.

The Ohio State University officials revealed that nearly 50 Webmail accounts have so far been compromised. Though the number does not establish it as a major issue, the accounts are being continuously flooded with spam e-mails and therefore, the number could escalate.

The phishing e-mail scheme is designed to exploit the username along with the password of the mail account holders. The roots of this phishing scam seem to lie in Nigeria. It carries new-generation Nigerian e-mail spam with messages like, "death awaits you". Some lottery scams originating from the United Kingdom also exploited the osu.edu addresses.

Around six or seven messages, appearing to be sent from the University's actual e-mail team are sent to the addresses, osu.edu, prompting users to reply back by logging-in with user Ids and passwords to verify the account as they recently migrated to this Webmail system.

Those people who fell victims to the trick found their e-mail accounts compromised. In addition, countless spam mails with the osu.edu domains also found way into the mailboxes of several other students.

Charles Morrow-Jones, Director of Information Technology Security, said that this process of taking over accounts to generate spam e-mail is not new, as reported by THE LANTERN on March 26, 2008.

Jones added that the threat wasn't so grave earlier because only a single or two accounts were affected every month. However, the problem has assumed gigantic proportion now with more number of people reverting back to these tricky phishing mails.

Cyber security officials of the university have asked all the staff and students to discard any e-mail that prompts them to divulge personal information. Besides, upgradation process of the university is impeded in order to deal with junk mails.

Cathy Bindewald, Director of Communications at the Chief Information Officer's office, said that someone who had an idea about the ongoing e-mail system upgradation spoofed them, as reported by THE LANTERN on March 26, 2008.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 4/1/2008