Phishing Scam Targets UTS Students
The UTS (University of Technology Sydney), on March 6, 2008, alerted its students about fraud scammer e-mails that sought to grab their personal information to possibly sell off to other fraudsters.
The scam e-mails purporting to be from UTS to its students typically ask them to confirm the details of their e-mail accounts. During the process the scammers steal password as well as student information like date of birth, e-mail address, phone number, and details of subject payment.
Premium Services Manager at Trend Micro, Adam Biviano, said that after stealing the private credentials the scammers sell them off to the highest bidder in black market. Thereafter, the fraudsters who buy the stolen information use it to pose as another person before the related organizations, it directly relates to identity fraud, as reported by smh on March 6, 2008.
Biviano said that information like the person's address, details of his successor are normally required as identification while applying for credit. Apart from applying for credit on behalf of the target, or using the private information to make unauthorized access to bank accounts, these fraudsters could directly attack students with their scam operations.
With such detailed private information in their hold, the perpetrators could make the students believe that they are representatives of organizations like a bank or the tax office and lead them to give away their credit card numbers.
Biviano further added that it seems the scammers are now targeting specific organizations like the UTS and not simply industries. He further said that while phishing attacks normally target financial companies like PayPal and banks, the current attack is highly targeted by spoofing a particular organization in a manner that the victims disclose certain kinds of information.
Meanwhile, he UTS has said that it never asks for passwords or personal identifying information over e-mail. The university advised its students not to reply to messages seeking confidential information till they are sure of their source.
In a similar phishing attack, the Northern Kentucky University faculty, students and staff were sent spam mails from two firms apparently using NKU addresses to solicit personal details in last week of February 2008.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 13-03-2008