Rice Students Became Victims of Phishing Attacks

According to security researchers, e-mail messages originating from the mail server of Rice University were tentatively banned, as 14 students became victims of a phishing attack, including 12 new ones.

Phishing attack basically, as per security experts, is an attempt to get the private details of potential victims by pretending to be an authentic entity.

For Rice, it wasn't the first-time phishing outbreak but the one occurred during the 2nd week of September 2009 exhibited a success rate far beyond the usual.

Explaining the attack, the researchers said that the students without any suspicion divulged their passwords as a reply to the scam e-mails posing as communications from Rice IT.

Spammers compromised the university web-mail accounts of the students and used them for pushing other spam. And as huge numbers of e-mails started to arrive from the rice.edu e-mail ids, Rice became another name in the catalog of familiar spam mailers.

However, Marc Scarborough, Information Security Officer at Rice University, clarified all doubts with the statement that the school didn't ever request for passwords, as reported by Ricethresher on September 18, 2009.

Scarborough also said that in most of the phishing instances during the 1st week of September 2009, the victims had spent only a short time-period at Rice that was not enough for them to identify genuine e-mails from fraudulent phishing e-mails.

Generally, a couple of Rice e-mail accounts became effective targets of phishing attacks every month via a maximum of two attempts every seven days.

Owing to the effectiveness of the phishing attack during the said 1st week, a new attack was tried during the succeeding week. The electronically-generate fraudulent mails even had all spellings right, quite different from typical phishing e-mails which had typos.

Furthermore, Scarborough added that when Rice IT discovered any new phishing attack, the department informed everyone at Rice regarding the suspicious e-mails; however, that happened only when they succeeded in finding the particular e-mails.

Meanwhile, hackers hijacked Rice e-mail accounts more often to use a legitimate server to send spam rather than to collect users' private information.

Related article: RSA Attendees Responsible for Wireless Vulnerability

» SPAMfighter News - 10/9/2009