Spammers Target MIT User Accounts with Phishing E-mails
According to the administration of Massachusetts Institute of Technology, phishers are targeting its user accounts to accumulate the individuals' personal information. In this run of attacks, approximately 20,000 people were recipients of phishing e-mails in March 2008 alone.
These phishing e-mails try to dupe recipients into divulging their sensitive personal information that the e-mail's sender collects for his own benefit. One such phishing activity has been attacking MIT frequently. A number of the messages seemed to arrive from MIT's own Web e-mail service and also from the Web e-mail of other universities.
According to MIT Network Manager, Jeffrey I. Schiller, about six individuals have disclosed their passwords in response to the attackers' e-mails. Also, the victims have sent the information to oversea locations like Hong Kong, as reported by the Tech, MIT's largest and oldest newspaper, March 31, 2008.
In one attack on March 27, 2008, the hijacked account of Senior Lecturer, Shun Kanda, Department of Architecture, was manipulated to spam further fraud e-mail through the university's Web mail system.
However, according to Schiller since MIT was neither a company issuing credit cards nor a bank therefore, the users' compromised accounts wouldn't be of much use. But, recent progress in technology to prevent spam lends value to genuine user accounts. E-mail dispatched from a university account has more chances of being accepted than e-mail delivered from a hacked computer within a botnet.
Unauthenticated e-mail dispatched through MIT servers without verified sender credentials makes it convenient for manipulation. But, an authenticated e-mail from MIT that has verified sender credentials with the correct username and password is regarded as more trustable and therefore, more difficult to send.
E-mails spammed through MIT computer systems have been causing a consistent problem. In 2003, AOL stopped all outbound e-mail of MIT for five consecutive days. However, AOL eventually said it was ready to accept MIT e-mails, provided the institute first checked every message for any unwanted spam.
Meanwhile, to prevent any further misuse of its Web mail system, MIT has restricted the number of outbound e-mails of a MIT account user to 15 per 15 minutes.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 08-04-2008