Phishers Now Target US Students
US University students have become the target of a new spear phishing attack, researchers at Sans Institute report.
February 4, 2008
As it follows, the victims are being asked to provide the so-called admins with various details such as user names, passwords and date of birth.
According to the Internet Storm Center blog, the standard phishing email looks something like this:
“Subject VERIFY YOUR xxxxxx EMAIL ACCOUNT NOW
Dear xxxxx Email Account Owner,
This message is from xxxxx messaging center to all xxxxx email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused xxxxx email account to create more space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.”
Basically, one can easily spot such an attack by looking closely at the reply address, which is external to the organisation. If so, just mark it as spam and let the Trash folder deal with it.