Whitman College Inmates Victimized in a Phishing Scam
Washington-based Whitman College recently was a target of a phishing fraud in which students, faculty and staff received scam e-mail, says WCTS (Whitman College Technology Service), as reported by Pioneer on September 25, 2008.
As known, phishing is an attempt to extract passwords and other sensitive information from users through e-mail that contain malicious content like spyware, Trojan or other malware.
In the current attack, so far 60 students, 1 faculty and 3 staff members have fallen prey to the hackers. These e-mails purporting to arrive from WCTS extort username and password from innocent Whitman students to serve various malicious purposes.
According to WCTS' Director of Network Technology Kevin Kelly, hackers aim at stealing people's identity, their payment card number and empty their bank accounts. Normally, they lure people to get their hands on the victims' money in on way or other. Also, committing fraud in the name of charity is huge. Kelly said that it is hardly astonishing that due to Hurricane Ike, for instance, fake charities have emerged to solicit money, as Pioneer reported by September 25, 2008.
Though in the Whitman attack, phishing e-mails might ask for a Whitman login password, other attacks may even pretend to be the user's bank and ask for his Internet banking credentials. A Whitman faculty member, who was victimized, allegedly lost about $4,000 from her/his bank account as she/he unknowingly gave out personal Internet banking details to an unknown party.
The college's helpdesk Internet site further warned and said that the e-mail scammers could use the stolen information to harvest more data about the affected users. And as many Internet surfers use a common password for a number of Websites, the harm might not be limited to that site which the scammers manage to access.
Besides, students need to suspect e-mails requesting for the recipient's private information, especially those purporting to come from organizations already possess that information, suggests the University Network Services. Also, students should avoid following links given in such dubious e-mails, instead should access the websites by typing their URL addresses.
» SPAMfighter News - 06-10-2008