Penn State Rocked By Web Access Phishing Scam

A press release circulated in the beginning of September 2008 announced that many Penn State Community students were targeted by a phishing scam after responding to a message, which they believed, originated from the "PSU.edu Admin".

In contrast to other phishing scams searching for student information, in this particular case, the cyber criminals do not request the students to respond to the messages with their login details, on the contrary, they are led to a phony Web Access login page which resembles the Penn State University's authorized login page, according to the security investigators and security experts, investigating the details into the recent phishing scam.

In the meantime, reports reveal that some of the Penn State students found the fake homepage convincing enough to access it using their Penn State username and password. Security experts advise all victims to visit the official Penn State University login management Web page at https://www.work.psu.edu/apps/work/work.php and then modify their password.

The access to the fake site was barred on September 8, 2008 dawn. Nevertheless, students should be warned that the phishing scam is expected to recur via another Web address if the students keep on falling prey to the fraud, asserted security authorities.

In the course of the ongoing investigations by security researchers, the Director Customer Communications, Pennsylvania State University Information Technology Services, Robin Anderson remarked that it was extremely risky as they had been asking the Penn State community not to disclose any private details, as reported by Collegian on September 11, 2008.

According to her, the scammers behind the frauds are not connected with the university and most probably stay abroad.

In the meantime, outlining the purpose of the phishers, investigating officials and experts assert that con men and phishers usually hack the accounts to steal private data like Social Security numbers (SSN) and transaction details of their targets.

Besides, these con men often store the details in a database and then auction them, earning cash in exchange. As such kind of scams are perpetrated with monetary benefits, the key purpose is phishing people of their personal data.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 9/19/2008