Phishing Attack Targets Indiana University Students
A highly focused phishing attack in 2006 that extorted personal and financial information out of a number of Indiana University (IU) students seems to have the support of an earlier undisclosed break-in at the main servers of the school. A student of doctoral research in Indiana unearthed documents to provide evidence for the incident. Blog.washingtonpost published this on April 17, 2007.
In June last year, the board of directors of Central Federal Credit Union voted in majority to amalgamate with IU Credit Union. Following this, many IU students and faculty found a warning e-mail in their inboxes. It said that recipients must renew their contract with the IU Employees Federal Credit Union or else have their online bill paying accounts, attached to the institution, suspended.
The 'Indian Daily Student', the school's student news publication, reported that the attack affected about 80 members.
Soon after the phishing assault, Chris Soghoian, a PhD student on cyber security at IU's School of Information filed a request under Indiana Public Records Act asking for documents in connection with the incident. He was previously working in areas of phishing, click fraud, airport security and search privacy.
After Soghoian started his classes at IU during last autumn he registered for an e-mail address with the school only in March 2006. Strangely though he had not given his school e-mail id to anyone or used it himself before the phishing attack, he too received one specimen of the phishing e-mail. So he decided to file the request for public records, Soghoian said. Blog.washingtonpost published Soghoian's statement on April 17, 2007.
Investigators uncovered phishing kits containing tailor-made scam e-mails and web pages specially designed to aim IU students and members of the Florida Commerce Credit Union and the Sandia Laboratory Federal Credit Union.
At IU, the anti-phishing research group is pooling efforts to understand, identify and stop online fraud and also cut down the economic drain due to phishing attacks. The group aims to strike directly on the problem by analyzing it in detail to find out what helps phishers to succeed. Indiana published this on April 13, 2007.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 23-04-2007