Phishers Target University Students with .edu ids
According to investigators at M86 a security company, phishers are sending fake e-mails to University students whose e-mail ids end with .edu, with these e-mails posing as messages that seemingly the academic institution's system admin sent.
Says M86, like always, this attack has been launched just when students are getting back to school.
The company, which intercepted one sample of the phishing e-mail, found that it told the recipient his mailbox could no longer take messages as its storage capacity, which the admin fixed, crossed the limit. Thus, he required re-validating his e-mail account for continuing to receive or send e-mails for which he must follow a given web-link.
One more sample appeared as being more personalized as it identified the web-service the university used as also specified the storage limit of the service.
Nevertheless, the real spoofed or phishing website indicates that an inexperienced fraudster is behind it, who very unprofessionally, requests for all the information of the user. This is clearly evident since the site's footer exhibits a banner having the words "Powered By php Form Generator."
In any case, M86 researchers note that this phishing campaign is utterly rudimentary since it provides an extremely simple way for reaching the admin web-pages that don't ask for any username or password. The scammers, for crafting the web-pages and online forms, merely require free hosting as well as the already prepared wizard, respectively. And despite so plain technicalities, some users still exist who voluntarily give away real information regarding their own selves to online-crooks who aren't even convincing, the researchers observe.
Moreover, owing to these phishing assaults, M86 yet again recommends people using e-mail that they shouldn't click web-links in e-mails that solicit personal information. Despite the e-mails appearing authentic, users must regard unwelcome solicitations for private details with suspicion. Also, they must first verify the identity of the e-mail senders prior to deciding what amount of faith they should allot for them.
Eventually, it's because of these untoward phishing instances that M86 highlighted within its H2-2010 security report that phishing assaults increased during July-December 2010 thus making many people turn into victims.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 05-03-2011