MU & BOV Targets of Phishing Scams

The University of Missouri (MU) was a target of a phishing scheme when around 1,200 inmates including faculty and staff received an unexpected e-mail claiming to be from the university that requested recipients to verify their account information, the university announced on November 29, 2007.

The e-mail sought recipients' date of birth, name of their home country and e-mail password, said spokesman Terry Robb for the Information and Technology Department of the university. ColumbiaTribune published Robb's statement on November 29, 2007.

As the phishing e-mail arrived, the MU issued a statement to announce the students, faculty and staff on the university campus receiving the phishing message. It further said that the sender's address was given as emailupgrade@missouri.edu and the e-mail asked the recipients to reply by providing their e-mail's username and password, their birth data and the territory or country they belonged to.

Robb said that while three people replied back, only one disclosed a password. However, that password no longer exists as it has been changed for reasons of account security. Robb also said that the e-mail, which seems to come from New Zealand, has been circulated to other universities as well.

According to him, the e-mail's objective seems to collect confidential information about e-mail accounts of the university's students and staff. Thus, he cautions users not to reply to the message. Robb explained a university never asks users to provide their password over e-mail and that they need to be careful with any that requests for such information.

A few days before the MU incident, the Bank of Valletta also reported that many of its customers had received a malicious e-mail whose sender claimed to be the bank and which asked users to visit certain Website to activate their online facility once again.

The message was a product of a phishing operation that represented identity theft and online fraud where a malicious entity tried to persuade clients to access a fake Website of the bank so that it was possible to steal their identity credentials and private financial details, BOV said. The bank has since disabled the fake site as an immediate action.

Related article: MU Students Received Phishing E-mail

» SPAMfighter News - 12/12/2007