Saturday, June 7, 2008
Phishing e-mails claiming to be from the KU Credit Union have been arriving in the KU account inboxes of students, staff and faculty.
The e-mails ask recipients to verify personal account information.
Julie Fugett, information security analyst for the IT Security Department, said the e-mails have been a staged attack, which allowed the e-mails to become more advanced over time.
The first string of e-mails appeared in April and claimed to be from the University Help Desk. Those e-mails asked students to verify their account information such as user names and passwords. Fugett said the hackers then sent e-mails from those KU e-mail accounts.
“That is part of the reason they look real,” Fugett said. “Another part is that the bad guys are getting better at what they do. They’ve started adding things like security notices.”
The link in the e-mail asked students to verify their account information but Fugett said that when people replied, they were actually allowing their information to be harvested.
Fugett said the same thing happened when people entered their debit or credit card information and social security numbers.
“They want to steal as much information from you as possible so they can spend your money,” Fugett said.
Joe Nasternak, Kansas City, Kan., senior, said he first received an e-mail claiming to be from the Credit Union in late May. Since then, he has received about four more e-mails.
“I had a feeling it wasn’t real, especially since I don’t have an account with the KU Credit Union,” Nasternak said. “That was my red flag.”
Nasternak said that he thought the e-mail looked legitimate, however, because of its format and the link it included.
“The only things that they messed up were some grammatical errors that the Credit Union wouldn’t make,” he said. “Other than that I could see how someone would think it was real.”
Fugett said that the e-mails were especially innovative because they were able to bypass the University’s spam filters. She said that the IT Security Office did its best to filter spam e-mail, but that because it wanted to let all legitimate e-mails through, sometimes bad e-mails got past the system.
Bill Myers, director of information services, said that he didn’t know when the e-mails would be phased out of the system. He said that the Security Office filtered about 3 million to 5 million spam e-mails out of the system per day.
“It’s way more than what ever gets into inboxes,” he said. “Spammers are always looking for ways to penetrate the network.”
Fugett said the Security Office had been working to combat the problem by sending anyone who was logged onto a computer within the University network to the Security Office’s Web site when they clicked on the link.
“The situation was getting dire enough that we said we had to do something, so that’s what we decided to do,” Fugett said.
If you’ve responded to the e-mail and given out your personal information, call the University Customer Service Center at (785) 864-8080.
—Edited by Case Keefer
University alerts network users to phishing
A fraudulent e-mail asked students and faculty to provide their usernames and ...
Text message scam targets students
A mass text message sent on Feb. 1 was quickly determined to ...
E-mail frauds target University students
Many students received e-mails from somebody posing as a representative from the ...
Facebook accounts pose dangers
Incriminating information online can both endanger student security and harm future career ...
Workshop teaches warnings signs of cyber scams
Phishing scams have Internet users on edge.
University battles SPAM
On-campus e-mail gets facelift over break
KUIT is nearing completion on a server-move and client updates.
Financial aid office apologizes; plans new e-mailing ...
KU Safety Office investigates fake classified ad
An ad that has appeared in The University Daily Kansan may leave ...
University promotes students’ cyber security
KU Information Technology is encouraging students to recognize and protect themselves from ...
Students can now get transcripts online
Registrar’s Office now allows for students to request and obtain their transcripts ...
University warns students about phone scam
Someone posing as a KU employee has reportedly been calling students and ...
Emails lost due to incorrect labeling
Last night two of the spam/virus servers for the University experienced a ...
Expanded inboxes to allow more e-mails
Last Wednesday, Information Services announced that students’ e-mail mailboxes had been increased ...
Outlook accounts may feature Gmail technology
The application could provide a new format and more space, but KU ...
Students suspect facebook.com monitored by schools, police
University begins investigation into record release
Leaked documents included social security cards, phone numbers, transcripts. The University was ...
Keeping personal information from cyber crime
Personal information can be accessed by hackers and thieves in an instant ...
Computer glitch results in refund for Edwards ...
The University is giving the affected students a grace period before they ...
Anderson: Is our democracy healthy?
Survey gathers student reactions to the college ...
The survey is sent by e-mail to randomly selected students.
KU Information Technology promotes Hawk Drive to ...
Previously available only to faculty and staff, the service promises one gigabyte ...
Student Senate notebook
Here's what happened at the Student Senate meeting Wednesday.
University implements communication system
The University of Kansas is working to implement Message Blox, a system ...
Softball player sues University
University warns of possible hacking
Your name, birth date, social security number and credit card number could ...
University changes to new, more secure wireless ...
Before using the new network, all users need to reconfigure their wireless ...
Identity fraud, viruses prompt on-campus improvements
Millions of American adults are victims of identity fraud every year, and ...
Softball player files lawsuit
Users abuse Facebook
Mangino's University parking history
Mangino has a rough past with the University's parking department that includes ...
Student Health Services has online help
New online tools help students cancel appointments as well as talk to ...
Facing the music
For 13 students sued by the music industry, the risks of illegal ...
Students unaware of Final Four lottery
All 230 students who signed up for the student ticket lottery for ...
Personal data again left unsecured
A question of identity
The Comanche Nation informed KU that a professor who claims he's Comanche ...
Facebook changes come in waves
Rumors claim the site is adding a webmail service.
From left: Kimberlee Hinkle, Libby Johnson and Hannah ...
1 comment
Kansas Jayhawk fans hold aloft a reproduction of ...
2 comments
Erin Saupe, a Ph.D. student from St. Cloud, ...
1 comment
0 comments
Armed robbers continue to threaten.
3 comments
Lecture from Greg Mortenson, co-author of New York ...
0 comments
Comments
University e-mail accounts attacked by fake KU Credit Union e-mails
Hiya. I thought I might post links to a few helpful articles:
We get phished so you don't have to: http://www.besekure.ku.edu/~privacy/cgi-bin/mydrupal/?q=node/87
IT Security Office alert regarding phishing e-mails: http://www.security.ku.edu/alerts/alert-viewer.jsp?id=61
How to forward spam messages: http://www.email.ku.edu/spam
Sign in to comment
Or login with:
OpenID