CCS Name Used in Phishing Scam to Attract Students of Ryerson University
Security experts at CCS informed that hackers attacked students of Ryerson University (Canada) by sending e-mails masquerading as mails from Computing and Communication Services (CCS) that supports IT among the administrative and academic communities.
Assistant Director of Communication Services at CCS, Ken Woo, states the method used by attackers is known as phishing, as reported by The Eyeopener on January 28, 2009.
CCS officials said that hackers send mails for gaining access to personal and financial information of users, and in the case Ryerson students, they have succeeded.
According to CCS officials, there are several ways through which hackers can acquire mail addresses, including sharing of mail lists. Hackers can make use of vulnerable system to access address books or use common names with the name of an institution to form a mail address. There are several loopholes through which hackers can acquire such critical information.
For making the Ryerson students aware of the phishing scam, Ryerson on its official site displayed a warning reading 'PLEASE DO NOT RESPOND TO FAKE MAIL MESSAGES'. The snapshot of the fake mail is also shown on the site and it is addressed to either the students or staff of the University.
But the IT department of Ryerson University claims that these mails are fraud and informs the webmail users not to respond to them. They also said that the IT department never asks the users to reveal their password as well as advised them not to divulge the password under any case.
During October 2008, Carleton University (Canada) was also targeted by a similar kind of phishing scam. At that time, the University cautioned its students and faculty not to reply any such mail as it was a phishing mail and should be erased immediately.
Related article: Cisco Finds Two Vulnerabilities and Recommends for Patches
» SPAMfighter News - 12-02-2009