Scammers Launch ‘Spear Phishing’ Attack on PSU
Phishing e-mails recently reached the Portland State University (PSU) to thousands of its students and teachers. The e-mails claimed they were from User Support Services and the IT departments of the university, as reported by VANGUARD on April 10, 2008.
Although the e-mails had varied content, they were all common in one thing requesting the reader to provide his username and password to the e-mail's sender. This type of scam called "spear phishing" is the most recent threat to campus students' e-mail accounts throughout Oregon.
In phishing scams, mass e-mails are sent out in the disguise of communications from banks or any other trusted organization with the hope that some recipients would respond. The fraudsters attempt to gain the recipient's confidence, even more by pretending to be trusted entities from within the organization.
Janaka Jayawardena, Associate CIO of Technology Services, PSU, said that the scammers in the recent attack decided to get personal, as reported by VANGUARD on April 10, 2008.
Jayawardena was the individual whom the spear phishers impersonated in their messages. While majority of the e-mail recipients reported or simply ignored the message, some fell for the bait and responded, enabling the scammers to compromise their accounts and then they sent spam bulk e-mails from those accounts.
According to Jayawardena, PSU is now primarily concerned that spear phishers might even target BanWeb, the Student Information System. By compromising a BanWeb account, scammers can gain access to the student's personal information, financial aid details, school schedules, contact details and may be more.
When the e-mail hosting firms namely, Hotmail and Yahoo! started to observe a surge of spam mails from pdx.edu accounts, they reacted to the problem by blacklisting every inbound e-mail from Portland State users, legal or otherwise.
IT officials on the job to fight the spear phishers, however, suspect the presence of multiple groups instead of just one behind the attacks, although they have not been able to identify the culprits. While they have traced some of the ISPs from phishers based in India and Nigeria, several other attackers seems to have used Tor, the ISP anonymizer program that successfully disables tracking attempts.
Related article: Scammers Exploit Tax System Resulting in ID Theft
» SPAMfighter News - 19-04-2008