Phishing E-mail Targets VCU Students
A phishing outbreak unleashed on November 10, 2009 and posing as an important warning, reportedly led many students of VCU (Virginia Commonwealth University) to become victims of fake e-mails and fraud.
Steve Kuchta, staff member of Technology Services Help-Desk at VCU, said via an important notice that the university community complained of receiving a scam e-mail containing a web-link that led to an Internet site to phish off information since it imitated the login page of the VCU Central Authentication Service, as reported by Commonwealth Times on November 12, 2009.
Although the source of the phishing message seemed to be 'firstname.lastname@example.org,' yet it contained a login URL that related to a web-page on certain Russian site.
Meanwhile, the notice says that albeit 'email@example.com' represents a genuine e-mail ID of VCU's help-desk, senders of the phishing e-mail have spoofed it. It then warns that answering the e-mail could mean someone outside the university getting the recipient's personal identification details. The notice also added that VCU wouldn't ever solicit students' Social Security number, password and/or other sensitive personal details over e-mail.
VCU has asked its community to refrain from answering the e-mail in addition to deleting it instantly. In case any student has accessed the phishing website and logged in, he should directly speak to the university's Technology Services Help-Desk.
The Technology Services reports that the phishing campaign affected it enormously, impacting numerous people besides a number of VCU e-mail users. Moreover, numerous outbound e-mails clogged the server that delayed the delivery of valid e-mails.
However, Kanwar Anand, Technology Director of the Student Government Association, e-mailed to SGA officials that a solution was arrived at for the problem, as reported by Commonwealth Times on November 12, 2009. Anand further states that it is compulsory for the SGA to prevent any future occurrence of such instances by coordinating with the individual institutions in compliance with the "2007-08 Senate (21) Personal Information Protection Act."
Thus, Anand wrote that the SGA would coordinate with the Chief Information Security office, and Technology Services to stop any future occurrence of such a phishing instance.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 24-11-2009