Phishing Scam Targets Cornell Students
Security specialists at Cornell University (located at Ithaca, New York) said in news brief on their CIT (Cornell Information Technologies) website on September 29, 2009 that an aggressive and sophisticated phishing scam was in circulation across Cornell. The scam, exuding a fresh tactic, even directed the message recipient to pass it to other Cornellians, the brief indicated, as reported by The Cornell Daily Sun on October 6, 2009.
The reports state that the e-mail threatens user that he would find his account terminated unless he furnishes his username and password. The message appears even more authentic as it leads the user to a realistic Cornell University WebLogin replica.
Wyman Miles, CIT Manager of Security Engineering, said that the phishing attack had emerged recently during the 4th week of September 2009, as reported by The Cornell Daily Sun.
Meanwhile, the thing that makes the attack very uncommon is that a majority of the e-mails are more legible compared to the normal phishing e-mails, and a web-link embedded in them leads to an extremely realistic reproduction of Cornell's authentication site, CUWebLogin, where students usually enter their username and password.
Besides, the perpetrators of such frauds often were from overseas that kept them out of the attacked country's legal jurisdiction, the specialists said. They added that the CUWebLogin page was really on server located on Cocos Islands - an unusual location for finding the administration of Cornell e-mail. Moreover, the perpetrators were utilizing hijacked accounts that made tracking extremely difficult.
CIT is doing everything to stop such e-mails and block the phony site's IP address. It is recommended that students never reveal their username and password, birth date, Social Security number, or any other private detail in response to an e-mail.
Finally, the specialists suggest e-mail users to avoid making any response to the particular phishing attempt, refrain from clicking on the given web-link, and never pass the e-mail to other students. If any student has by now divulged his details, then he must instantly reset his password along with security questions.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 27-10-2009