University of Arizona Warns of E-mail Scam
The e-mail system of UA (University of Arizona) has been subject to a phishing scam during recent weeks, tricking people to disclose their personal information that malicious attackers could use for illegal purposes, as reported by THE WILDCAT ONLINE on April 8, 2008.
UA is particularly alarmed at the scam because it happens at the time when the university is carrying out a project of making 70,000 NetID users set new passwords that could potentially expose users to risk of identity theft. According to the information security coordinator at the university, phishers are regularly attacking the university servers while the school's information security department was doing its best to alleviate the problem.
The phishing e-mails sent to UA appear to come from spoofed addresses of the university. Visiting a dubious site could often allow hackers to upload malware onto victims' computers. The viruses then record every keystroke to be able to steal confidential information like credit card numbers and similar other information.
On April 4, 2008, the school-dispatched an e-mail across the campus from its Information Security Office explaining how the phishing e-mail was proliferating and requesting for the recipient's NetID username and password. The information helps to access UA's Webmail and its academic services such as Student Link and D2L.
Also, the message appears to arrive from a genuine university account and tells recipients that their account would be terminated if they failed to respond. Therefore, officials said that university members who are getting e-mail containing a link should never click open that link. Instead, they should copy and paste the URL address onto a different window so that they are not led to a Website that could put their private information under threat.
Moreover, if an attacker succeeds in hacking into someone's e-mail account and uses it for criminal purposes, it might be hard not to regard the account holder responsible for it. University officials suggested that the optimum way to distinguish the university e-mail from scam e-mail is to look for personalized messages in which the university e-mail addresses the recipient by name instead of showing a generic subject line.
Related article: University Reports Increase in Spam
» SPAMfighter News - 15-04-2008