Phishing E-mails Target MSU Students’ Webmail Accounts

Montclair State's Webmail has lately been the subject of scam e-mails. About a few weeks back, a number of students got an e-mail that seemed to have arrived from the Bank of America claiming that since the Bank was conducting its annual check for its Internet banking service, users needed to confirm their accounts details.

Clearly, these e-mails that impersonate the Bank are trying to 'phish' off personal data from users. They attempt to divert recipients to a website that requests for details like bank account and credit card numbers along with SSN. Furthermore, for those who have not even entered the details but just clicked on the link, a virus is installed on their system.

In one case, when the web-mail user got the scam e-mail, he viewed it and then opened the given link. However, at that time, the website was not working whereby he could not feed in any information. However, a pop-up appeared saying that the website in question was a fake. Naturally, this aroused curiosity among students who tried to access it anyway.

Jeff Giacobbe, Director for Systems, Security and Networking with IT, issued an alert to students saying that the electronic message they were receiving and asking for user ID, password, birth date etc, was a phishing scheme. After the warning, the fake e-mails disappeared immediately, as reported by THEMONTCLAION on April 9, 2009.

Besides, on March 26, 2009, Director of Systems and Technology Brian Beckett issued a warning about another phishing campaign whose source was unidentified. The e-mail showed the header, "News -Please Read" and similarly appeared to be from an authorized university, asking for students' personal details.

Moreover, in 2008, MSN, Comcast and Hotmail blacklisted the montclair.edu e-mail ID for carrying out alleged spam operations. They have temporarily banned inbound messages from the Montclair server.

In the meantime, security specialists cautioned not to enter username/password in a page that arrives in e-mail. Besides, a proper URL of an university would show the suffix '.edu.' Students have also been advised to notify any e-mail they suspect and thereafter to delete it.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 4/17/2009