Phishing Experiment E-mails Deceive AUS Students

Students of American University of Sharjah (AUS), located in the Middle East, were hit by a pair of phishing e-mails when a test was conducted in April 2010 to see what number of students would become victim of a phishing campaign.

During the experiment, the first e-mail typically asked for resetting the password of the University account, while the second e-mail promised an opportunity to participate in a lottery via answering a banking questionnaire.

Once the experiment was completed over 10,000 students, the ensuing results were stunning. While the first e-mail sent to faculty, staff and alumni managed to entice 954 recipients, the second e-mail lured around 200 students.

Over 96% of those duped were existing students, stated Associate Professor 'Dr. Fadi Aloul,' specialist in PC engineering and the project supervisor, as reported by Thenational.ae on June 27, 2010.

Dr. Aloul added that he was indeed astonished to see so many students were caught.

In phishing attacks, fake electronic mails and spoof websites are used for deceiving recipients into giving away their sensitive information. According to Dr. Aloul, every month, the university receives routine phishing messages purporting to be from addresses of banks. These messages tell the recipients that their AUS account has been blocked, a common form of deception.

As per Symantec and Trend Micro, Internet crime such as phishing is increasing in the Middle East nations.

These companies also observe that ideally end-users will simply erase phishing e-mails coming into their inboxes. Actually, the conmen exploit consumer gullibility. According to the security companies, universities and banking institutions have been spreading awareness regarding what consumers should look for and they should treat unsolicited e-mails with suspicion. Nevertheless, this awareness sadly does not stop all people from becoming victim of cyber crimes as evident from the AUS instance.

To stop staff and students from becoming victim of phishing e-mails, it is essential that AUS carries out awareness classes related to cyber-crime. This'll help campus members to know the techniques for counter-acting if actual spoof e-mails ensnare them rather than those that are experimental.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 7/6/2010