Duke University Reported about Fraudulent, Phishing E-mails

The OIT (Office of Information Technology) and the ITSO (IT Security Office) of the North Carolina, USA-based Duke University recently got complaints about one fresh phishing scam that has been attacking the university's users, published Duke Today dated March 26, 2012.

A phishing electronic mail landed into the inboxes of approximately 2,000 users on March 26, 2012, directing recipients for substantiating their login credentials with Duke. Asserting as being a message from Duke University, the e-mail told the reader that a virus had been detected inside his Web-mail account following procedures of security evaluation.

OIT disabled the phishing messages' sender id.

Chief Information Security Officer, Richard Biever of Duke University said that although the anti-spam filters of the University caught numerous of the e-mails, a few still managed in getting through. Duke Today published this.

Biever further said that approximately 132m e-mails had arrived inside the University's inboxes starting mid-February 2012. From among those a total 113m (86 percent) were recognized to be phishing or spam messages that were summarily isolated or thwarted, he added.

Worryingly, in a similar instance, phishers recently targeted the Idaho State University (ISU) too, with fraudulent e-mails reaching innumerable students as well as teachers of the institution.

The scam electronic mail posing as a communication from the HelpDesk of ISU stated that for students to keep personal accounts running on the University's Web-mail system, they must follow a given web-link to a site wherein to feed in their passwords, else ISU's Web-mail server would begin erasing their accounts.

And though users targeted with the fraud were solicited password and login information and not Social Security or credit card numbers, IT Manager Tony Lovgren at the IT Department of ISU stated that it could turn out just as hazardous. Localnews8.com published this on March 23, 2012.

Lovgren added that the fear could be even more incase the users had a common user ID and password to access additional accounts like a credit card or banking account.

However, as precaution, ISU stated that anybody who followed the web-link within the above kind of scam must first reset his password.

Related article: Dixie College Suffers Data Hack

» SPAMfighter News - 4/4/2012