Phishers Try to Seize Stanford Account Details

Fraudulent phishing e-mails were targeting Stanford University students' e-mail accounts during the second week of January 2008. The e-mails posed to be came from the e-mail administrators of the university, asking for verification of accounts, as reported by The Stanford Daily on February 20, 2008.

After students reported that they received the fraudulent e-mails, the ISO (Information Security Officer) at the university dispatched e-mail to the inmates of the university during the second last week of February 2008.

Phishing involves sending tricky e-mails to people to disclose their sensitive information like passwords, bank or credit card account numbers by disguising e-mails as some trustworthy entity sent them. The current phishing scam is of the 'spear phishing' type, which targets specific groups of people and is also difficult to identity. The scam had compromised three Stanford e-mail accounts. According to the ISO, the hacked e-mail accounts are used in tricking the unconscious persons to divulge their account credentials to a stranger, who then controls those accounts and launches more attacks from them.

The phishing e-mail that spread university accounts addressed the recipients as "STANFORD E-mail Account Owner" and proceeded to describe that it was part of "Stanford Team's" effort to upgrade its "e-mail account center". The message used block letters and instructed students to verify their e-mail details by replying with date of birth, country of origin, username and password.

The address of the sender showed as adminhelpdesk@stanford.edu, however, the reply-to address ended at the googlemail.com. One more sample of the phishing e-mail showed sender address as stanfordupgrade@live.com.

According to Mike Rodgers, Kimball Resident Computer Consultant, scammers aren't necessarily seeking access to Stanford e-mail accounts. They generally try to break into the bank account of a student, thinking that the student has the same username and password as that of his school account, as reported by The Stanford Daily on February 20, 2008.

To prevent the scam from spreading, the IT Services of Stanford University blocked the messages from entering inboxes and also blocked the phishers' addresses over the main servers. However, the ITS has given a warning that fraudulent e-mails addresses can change frequent and it will not sought the problem permanently.

Further, the ITS said that a genuine message from Stanford e-mail administrators never asks for information verification via e-mail.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 27-02-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next