Phishing Scam Targeting “College of the Holy Cross” Affects Innumerable People
"College of the Holy Cross" recently informed the Office of the Attorney General for New Hampshire (USA) that a phishing attack victimized 7 employees of the institution, with the scam originating from Ghana and Nigeria, as published by DataBreaches.net on October 20, 2011.
Reportedly, an e-mail that appeared to come from the "System Admin" landed in the inbox of a Human Resources Department employee, requesting her e-mail account's username and password. She did as instructed, but then discovered that her account had been emptied.
Later, 6 more employees were found to have fallen victim to the same campaign; as a result, 30,000 e-mails were erased in all.
Meanwhile, according to the college authorities, an e-mail should not contain any personal information unless it is encrypted; however, the HR staff member had breached that protocol.
Furthermore, according to the college, 493 people in all, belonging to twenty other jurisdictions, were also being informed of a possible compromise of their private details.
Additionally, the institution reported that although it had no evidence of misuse of any affected person's personal information, it was still offering 12 months of free credit monitoring, along with ID-restoration assistance and ID-fraud insurance, to all those who had been notified, including the New Hampshire individuals.
And while the phishing scam was executed from Ghana and Nigeria, the USA's Federal Bureau of Investigation confirmed that similar activities from Nigeria have been detected for years.
Meanwhile, identity specialists, who were brought in to assess the current scam, issued notification letters to the impacted individuals on the college's behalf, but those letters did not disclose that scammers managed to access the data because employees fell victim to the phishing attack. It is expected that, with the essential measures adopted to avert harm, no one will suffer because of the breach.
Conversely, as repeatedly cautioned earlier, staff who handle confidential data belonging to other people must be more careful when answering dubious requests.
Finally, to remain safe, security specialists advise users to always verify with their real system admin before acting on any such e-mail, as one can never tell where a phishing attempt may originate.
» SPAMfighter News - 31-10-2011