Phishing Attack on the Louisiana State University
In the third week of April 2008, e-mail accounts of the Louisiana State University flooded with phishing e-mail claiming Hancock Bank as its source. It asked recipients to participate in a survey to win a $500 as a prize.
The sender's e-mail address is firstname.lastname@example.org, which provides a link to access the survey. On tracing the link of the survey, university officials found themselves landing on the home page of Hancockbankq.com. But, after receiving these phishing mails, students complained of difficulties with their accounts.
One of the recipients of the e-mail disclosed that he provided all the information including his full name, address, credit card number, Social Security number, PIN and credit card security code asked in the mail. But fortunately, he was not the member of Hancock Bank.
He also said that the link provided in the mail takes user to the survey. But, some computers fail to take users to the main page of the survey. He also revealed that after checking the Hancockbankq.com, he found the link is based in Japan.
He also added that to know about his credit situation, he contacted with credit monitoring agency which assured him that if they found any illicit activity on his account they will seized the account.
Meanwhile, Hancock Bank Website confirmed phishing attacks and issued a warning. It also clarified that bank sent messages for survey with full name of the recipients and never asked for the personal information.
Sheri Thompson, Information Technology Services Communications and Planning Officer, Louisiana State University, said that actually the phishing attacks are spam but it is still unclear how the spammer got the University e-mail addresses, as reported by The Daily Reveillie on April 21, 2008.
Thompson also warned that using University e-mail for becoming member of MySpace.com, or Facebook.com could lead to more spam mails in user inbox. Thompson asked users to be careful and keep an eye on credit history.
Moreover, recently universities are targeted with phishing attacks. In a similar incident, Oxford University e-mail network was attempted to breach on April 17, 2008, as per the online posting by the Oxford University Computing Services (OUCS).
Related article: Phishing With A Redirector Code
» SPAMfighter News - 25-04-2008