Phishing E-Mail Seeks Details of Penn State Account Holders
According to Robin Anderson, Director of Multimedia Technology at Information Technology Services (ITS), staff members of Penn State University including employees of its office received phishing e-mail, as reported by Collegian on June 9, 2008.
According to the officials, the e-mail seemed to have come from the Penn State e-mail address, firstname.lastname@example.org, although it was dispatched from outside Penn State. The sender possibly used the Penn State address to disguise his/her actual e-mail ID and to make the e-mail appeared legitimate to recipients.
According to Anderson, Senior Systems Analyst John Corro of Penn State had previously used the email@example.com address as a pseudonym of the official e-mail address, which the phisher used in the scam. However, a couple of recipients replied to the fake e-mail.
Also, as accords to the University officials, online crimes such as phishing are frequently run offshore, which makes it difficult to track their origins. phishing relates to a method of an e-mail fraud in which legitimate looking e-mails are sent in attempts to collect the recipients' financial and personal information. Typically, the e-mail messages seem to arrive from reputable and trusted Websites such as the one of Penn State University.
According to security professionals, phishers apply various kinds of e-mail spoofing and social engineering tricks to try and dupe their victims. Therefore, the experts warn users to be wary of any legitimate looking e-mail that asks the recipient to update his financial or private information. Experts also urged recipients to visit the company's Website to check out the authenticity of request.
The officials also said that people, who reply to such scam e-mails, might end up with someone access their username and passwords that could unlock further sensitive information.
The experts further said that Penn State University would never request its account holders to provide their username or password. Apart from assuring that the school would not request for user IDs or passwords, the officials told the staff and students to keep such personal information private; however, if for any reason an account is compromised, the owner should change the password and check his account.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 26-06-2008