Students of Colorado University Receive Phishing E-Mail

As per the reports received from Colorado University's Boulder's information Technology Services (ITS), the campus of CU has been attacked by several harmful e-mails trying to extract private details in recent weeks.

ITS revealed that the e-mail carries the title "Account update Subscriber" sent from the address supportaccountupdate@colorado.edu and appears as an alert mail directly from the university.

The mail also said that because of ERROR CODE 33152, it is doing a temporary maintenance to upgrade their services. Therefore, it requires the users to send their account details to the ACCOUNT UPDATE UNIT for protection against spam and update.

ITS officials informed that without any grammatical errors, the e-mail is a major issue as it used the university as a Trojan horse for extracting private details. Under the guise of "Customer Care Department, Mail Control Unit, and Regents of the University of Colorado" the e-mail was directed to an unrecognized mass of CU accounts and had the potential of duping number of unwitting users into divulging their details.

Communications Manager and Public Relations at ITS, Greg Stauffer said that the e-mail account password also acts as IdentiKey. Therefore, it helps in gaining access to all the communication and computing accounts on campus. So it opens a lot of exposures for the attacks and it becomes really tough to retain them back, as reported by Colorado Daily on July 31, 2008.

Greg also explained the origin of phishing mails. They are usually duplicate of present addresses and then re-direct, because of which, it becomes difficult to grab the attackers associated with phishing. He also added that the most efficient technique to restrict a phishing attack is to educate users.

Besides, the university and ITS officials clearly mentioned that they would never ask the users to send their passwords and other private details through mail.

ITS also said that in case students and others want to know anything more about protection against phishing they can visit their site at www.colorado.edu/its.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 8/18/2008