Phishing Scam Targets Members Of Penn State University

Penn State University (USA) is under attack by an e-mail fraud that is attempting to steal the private details of faculty and students by directing recipients to supply personal usernames and passwords.

Understandably, the bogus electronic mails that seem to be sent from the helpdesk of Penn State ask users for the validation of personal accounts by providing their credit card and Social Security numbers. But in reality neither the Help Desk of the Penn State ITS (Information Technology Services) nor helpdesk@psu.edu sent these e-mails, according to the school ITS.

Also according to the 'ITS,' a phishing campaign takes the shape of an unsolicited e-mail that typically tells the recipient to confirm his account details by clicking a given web link. But, the link takes the user onto a fake site that prompts him to supply personal information like address, password, credit card details, Social Security number, and so on.

Subsequently the phishers exploit the information and carry out criminal activity of identity theft involving the setting up of fake bank accounts or creating false credit cards, with which money could be withdrawn in the name of the victim.

Thus in phishing, hackers find an easy method to make money, but for that they must bypass the target computers' anti-spam filters by first taking the victim into their confidence. Therefore, according to Penn State ITS, phishing is a severe problem, as through it people believe that the e-mail they are receiving is from a trusted and known source.

Meanwhile after learning about the scam, the IT Services is strongly suggesting recipients of the e-mails to delete the messages without responding to them since they are a fake. Says the University that however legitimate the sender's address might appear, it is important that private information should never be sent in reply to such e-mails, as no lawful company would ever ask for login details in this way.

Besides, in much the same news, last month (May 2009), several Lawrence University (USA) students became victims of a scam that sent spam mails for 'phishing,' apparently from the Lawrence IT department, as per that university's ITS.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 6/16/2009