KU Concerned of Spear Phishing Attacking Students
The University of Kansas (KU) is currently receiving waves of "spear phishing" e-mails, according to the office of Information Security at KU. Spear phishing is a practice in which specific people are targeted with official-looking e-mails in a bid to acquire passwords and similar confidential information.
In the recent attack, phishing e-mails reportedly pose to arrive from "KU IT Support" and ask recipients to update their e-mail account details. But KU Information Security stresses that the university never solicit such information via e-mail.
The university officials said that they had been receiving reports in hundreds per week about phishing e-mails and about attacks in thousands on the KU network. Some people even reported that they had been allegedly getting the office's warning e-mail from an address firstname.lastname@example.org and that the messages appeared to be spam.
Further, Bill Myers, Director for Assessment and Outreach for Information Services, said that the office had been receiving reports of e-mails seeming to arrive from "KU Online Services", having an address email@example.com along with a non-KU answering address, as reported by Kansas on August 22, 2008.
However, less than 10 people answered to the final spear phishing e-mail, which authorities considered as a threat. The first time spear phishing e-mails against KU was reported in March 2007. However, every wave of phishing assaults appeared slightly different because the attackers constantly change their style. Meanwhile, the university e-mail security providers are also focusing to enhance the e-mail defenses.
Additionally, the Kansas University Information Security Expert recommends users to create complex and secure passwords to guard personal information particularly relating to their finances from illegal hackers. Also, KU has its own guidelines that mandate students to reset their school e-mail passwords at the beginning of every new semester.
Besides, phishing attacks have been increasing rapidly in the past few months, as is evident from similar news during the 3rd week of August 2008. According to that, a round of spear phishing e-mails targeted Web mail users of University of Cincinnati to seek personal data of students, the UC's Information Security Office said.
Related article: K-Links Platinum Vulnerabilities Allow XSS and SQL Injection Attacks
» SPAMfighter News - 03-09-2008