CMU Employees Hit with Sophisticated Hacking Attack

Staff members at CMU (Carnegie Mellon University) of Pittsburgh (USA) were of late hit with one advanced hacking attack, published wpxi.com during end-week of February 2015.

As per details uploaded to the website of Carnegie Mellon that Information Security Director Mary Ann provided, almost 200 university users were recipients of the phishing electronic mail. The e-mail had one web-link that took onto one intricately constructed replica of the educational institute's account login page. If the login credentials were entered the result would be diversion of the victims onto different campus sites, reported triblive.com, February 25, 2015.

Simultaneously, these credentials reaching the hacker were later used for accessing different people's computers such as employees', and a few graduate and work study pupils' to intercept payroll, time-tracking and human resource data.

The university's officials did not disclose the number of people who got victimized with the scam.

According to Ms. Blair, of those victim accounts that have been recognized, a relatively small number, are safe.

A CMU pupil named Ramsey Natour said he received an e-mail suggesting of being careful of a phishing attack circulating. Wpxi.com reported this.

Blair stated that during December 2014, the institution put up information on its website regarding another malicious e-mail campaign that tried grabbing payroll data of higher education staff.

Security specialists assert that phishing attacks exploit the public's wish for benefiting themselves else their associates. There are two ways the attacks work - (i) luring victims towards entering personal details; (ii) planting malware onto the PC after victim clicks an e-mail web-link.

The Office of Information Security at CMU, in efforts to stop further attacks, distributed reminders to pupils as well as employees about how to protect themselves.

These reminders included validating if an e-mail is genuine prior to viewing it, verifying URLs if they point to the actual sites prior to logging in, as well as reporting suspicious or real problems immediately as they occur.

CMU even runs a training program online which guides on the way phishing e-mails can be recognized.

Indeed no university ever dispatches its students or employees e-mails asking for any information.

» SPAMfighter News - 3/10/2015