Phishing Attack Hits OSU
The Ohio State University (Ohio, USA) disclosed that a phishing assault had lately hit the mailboxes of OSU students. Thelantern.com published this on March 7, 2011.
Displaying a header, "Urgent Security Update," the phishing e-mail attempted at enticing students to click on a web-link named "re-login and resolve the issue" where they were asked to feed in personal usernames and passwords.
The e-mail asserted that its sender was firstname.lastname@example.org an id that actually belonged to the OIT (Office of Information Technology) of OSU.
Remarking about the above assault, Director of Communications Cathy Bindewald in the Chief Information Officer's office stated that it was plainly a phishing attempt. Thelantern.com reported this.
The Director further stated that spammers usually managed at spoofing return e-mail ids and that explained the reason as to why the electronic mail of OIT got displayed as the id to which replies were expected.
She continued that her office wouldn't ever solicit password from anyone, so incase any e-mail made such a request users must understand that the e-mail was a phishing scam.
Worryingly, it's because of the above kinds of phishing attacks that there's been such a remarkable spike in phishing, unlike ever-before, despite security specialists doing their utmost for curtailing the threat. For example: according to Symantec the security company, which published its security report for February 2011, phishing e-mails accounted for one in a total of 216.7 e-mails i.e. 0.462 percentage points, a rise of 0.22% from January 2011.
Therefore, users like always are again advised not to reply to e-mails, which request for confidential details. Further, they mustn't click any web-link within an e-mail for accessing the site mentioned inside it rather they should type the URL-address directly into the Web-browser and access the said site from there.
Moreover, victims of phishing attempts can adopt another measure of defense i.e. go to email@example.com and report the most recent event, while also surf www.antiphishing.org to get additional details regarding phishing instances. Finally, users must make sure that they've up-to-date security software installed on their PCs so they may ward off the above kind of assaults in future.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 24-03-2011