Phishing Email Attack Employees of MSU
Lansingstatejournal.com reported on 4th April, 2014 stating the recent discovery of email attack involving the payroll information of employees of Michigan State University, East Lansing, Michigan, US is the second reported occurrence in the past six-months.
In both incidents, valid credentials like username and password were used.
Last October (2013), it was found that an anonymous person had altered banking information in the payroll system for no less than two employees of MSU.
Lansingstatejournal.com published a report on 4th April, 2014 quoting Sgt. Florene McGlothian-Taylor, Spokeswoman of MSU Police, as saying "It was revealed on Tuesday, 1st April, 2014 that unauthorized changes happened in direct deposit details of around 10 employees."
McGlothian-Taylor said that the assault led to the attempted pilfering of direct deposit payroll incomes and the probe is going on.
There is no clue that a system-wide security breach occured or data of other employee was exposed.
Officials analyzing the current phishing email campaign comment that "Phishing" is an Internet-based sting involving emails appearing to be from a faithful source (like MSU in this case).
Mlive.com published a police statement on 3rd April, 2014 as "Do not respond to emails or link with emails as it is not legitimate message from Michigan State University".
In case you have been already struck by the abovementioned phishing email campaign then forward along with full headers the email to firstname.lastname@example.org or report by pasting a copy of full headers onto the contact form. You can report about the unfortunate incident by calling MSU on its helpline number, (517) 432-6200 and then immediately deleting the email.
Moreover, MSU is not the only one that has been targeted by phishers since the beginning of 2014 as during second week of January 2014, University of Florida based in Florida, US also warned its students to be careful about a new "phishing" email scam asking students to give out personal information online. It was discovered that fraudster posing as University of Florida Computing Helpdesk sent an email initiating patrons to follow a link for changing their information for University of Florida webmail account.
» SPAMfighter News - 16-04-2014