Below is an example of an phishing scam that has been sent out seemingly by a legitimate University-based e-mail account. Unfortunately this time, the e-mail message has been sent to other institution’s addresses and the university is being wrongly criticised for “allowing” this.

Remember: The only purpose of a phishing scam is to get victims to provide their personal information and thereby gain access and control of passwords, bank account numbers and personal details.

Information Technology will be investigating this incident but keep this in mind:

1. Many times an automatic program is used to “spoof” or forge a phony e-mail address to disguise the real sender The address is often pulled from a database of “stolen addresses”.
2. This university e-mail account owner might be a victim themselves of a phishing scam, and have provided their details to scammers, resulting in their address or computer being “hijacked” by the phishers.
3. In some cases an e-mail address owner is employed by the phishers to operate and send out phishing mails on their behalf with the promise of earning money for their services. (Earn $10 000 per month and work from home) in this case it is unlikely, but nevertheless a risk. 

In the screen grab below note the “honeypot”:

…There is no Subject line

…It seems to come from a university employee but the reply to address is some other address

…It promises that you have won a large amount of money. That always attracts people.

[ARTICLE BY DAVID WILES]

This entry was posted on Tuesday, February 25th, 2014 at 10:22 am and is filed under Communication, E-mail, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.