Phishing Scam Attacks South Island Universities

Lincoln, Canterbury, Otago and South Island universities have been attacked by a "spear phish" campaign, which was directed towards leaking details of staff and students. All the universities are facing troubles with the phishing campaign attacking e-mail addresses.

Spear phishing is reported to be a mail spoofing fraud attempt that attacks a particular enterprise with the motive of gaining an unauthentic access to private data.

As always, "spear phish" mails have appeared to come from university information technology support teams which direct the users to reconfirm their passwords and user names. The users who believe these mails get their accounts used by attackers, who in turn, access the user's account for sending further phishing messages.

Some users from the Otago University have become victims of identity loss. For example, a senior post graduate student's username and password was being displayed on a Web page, made possible for the visitors to that page to access online library resources present through the university.

Yet, another case has also appeared in which a staff member came across a popping message while he was online. The message says that pornography has been discovered in his system, and it offers to clear it up. It is found that if the person has replied to the message, a key logger would have downloaded on the PC.

Key loggers are Trojan programs that control keyboard input and save data like credit card details. Further, systems can also deceive into downloading key loggers by masking itself underneath Websites and mails.

Also, a Spokesman from Canterbury University, said that their staff got mails in weekend regarding password details for the university mail account. He said that they have recommended the staff to ignore such mails, as they are not at all authentic.

Service desk team Leader of Lincoln University, Corey Woodward, said that their staff and students also received mails regarding the details of password, as reported by stuff on April 29, 2008.

Subsequently, a warning was issued for it and so far nothing has been leaked. Besides this, the campaign has also attempted to attack the European and North American universities. Universities of Australia had also spoken about their problems and recently New Zealand universities has been hit. Likewise, Temple University was also attacked by phishing scams on April 25, 2008.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 5/3/2008