Utah University Targeted by Phishing E-Mail

Utah University students, staff and faculty members got e-mail on April 17, 2008, claiming to come from the university office and asking for personal information, including account number.

Phishing is widely used technique of criminals to extract personal information, like user names, credit card number, and passwords of a mail recipient by disguising in the cloak of a reliable entity.

The university officials recommended changing the e-mail password to those who had replied to the phishing e-mail in order to avoid misuse of account by someone from outside. Moreover, officials revealed the phishing e-mail also requested recipients to answer to solve some problems as part of their accounts revalidation process, saying that they may create trouble in the mail service.

Meanwhile, the university officials advised all concerned people to get in touch with Security operations to check the integrity of their account by mailing at iso@iso.utah.edu.

Phishing e-mails received by people begin with subject line, "URGENT E-MAIL NOTICE", and the text of message contains that University Webmail Service is revalidating the accounts after experiencing some problems.

On tracking the address of mail, "hhvhgvvvhjjnjnjcc@gmail.com", officials found that it is not a U address. This sort of e-mail comes in the list of "spear phishing", intentionally crafted to steal the personal information for misuse.

Chris Kidd, Chief Information Security and Privacy Officer, Utah University, said that the university never asks such kind of information by e-mails, as reported by THE DAILY UTAH CHRONICLE on April 17, 2008.

According to the university officials, generally people send reply to e-mails in haste without completely reading it. People read the mail so fast that they don't even understand what it contains and respond without pondering for a moment. But it is essential that people keep a vigil on e-mails they get.

Besides, last few months witnessed huge spurge in phishing attacks targeted at the universities. In a similar incident, over 50,000 people, including students, alumni, and faculty members at the SF State University (Stanford) received fake e-mails, asking them to furnish their personal information. The emails were disguised as they had been sent by SF State officials to look trustworthy.

Related article: UTD Database Suffers Network Intrusion

» SPAMfighter News - 4/21/2008