+ Post New Thread
Results 1 to 2 of 2
Jokes/Interweb Things Thread, Go Phish..... in Fun Stuff; ...
  1. #1

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,249
    Thank Post
    1,061
    Thanked 1,070 Times in 626 Posts
    Rep Power
    741

    Go Phish.....

    A few years ago, researchers at Harvard University and UC Berkeley published a rather interesting study about phishing. After running a usability study to see how well people can detect phishing attempts, they found that:

    * 23% of the study's participants did not look at the address bar, status bar, or the security indicators
    * 68% proceeded without hesitation when presented with popup warnings about fraudulent certificates
    * 90% were fooled by good phishing websites.
    * Neither education, age, sex, previous experience, nor hours of computer use showed a statistically significant correlation with vulnerability to phishing.

    To make matters worse, the study's participants were actually trying not to get tricked. "Our study primed participants to look for spoofs," the researches explain, "thus, these participants are likely better than 'real-world' (un-primed) users at detecting fraudulent web sites."

    Clearly, phishing is a very serious problem and anyone, anywhere could be vulnerable. Jeff Anderson, the CIO of Auburn University at Montgomery, knew this, and sent out an email warning all students and faculty to be on the lookout for phishing activity.

    From: Jeff W. Anderson, Ph.D.
    To: Everyone
    Priority: High
    Subject: Email Phishing Warning


    We have noticed an increase in phishing attempts, similar to the message below. AUM will never request that you provide you user name and password in an e-mail. You should not provide any private information, including passwords, through e-mail.

    Here is an example of a recent phishing attempt:

    -------------------------------------------

    Subject: ATTENTION: EDU WEBMAIL SUBSCRIBER:

    ATTENTION: EDU WEBMAIL SUBSCRIBER:

    This mail is to inform all our {EDU WEBMAIL} users that we will be
    upgrading our site in a couple of days from now. So you as a Subscriber
    of our site you are required to send us your Email account details so
    as to enable us know if you are still making use of your mail box.
    Further informed that we will be deleting all mail account that is not
    functioning so as to create more space for new user. so you are to send
    us your mail account details which are as follows:

    *User name:
    *Password:

    Failure to do this will immediately render your email address
    deactivated from our database.

    Your response should be send to the following e-mail address.

    (end of phishing example)
    -------------------------------------------

    Other phishing attempts include messages that appear to have been sent from financial institutions or companies such as Microsoft. Your financial institution will never ask you to provide your account information through e-mail, and Microsoft does not send out updates through e-mail.

    When you receive these types of messages, you should delete them and not respond. It is also a good practice to avoid clicking on any links in suspicious e-mail messages.

    If you feel you have been a victim of a phishing scheme regarding your AUM account, please contact the ITS Help Desk at 244-3500 or helpdesk@aum.edu

    Thank you,

    Jeff W. Anderson, Ph.D.
    Chief Information Officer
    Auburn University - Montgomery




    Obviously, a single email won't prevent all phishing scams -- especially the advanced variety that links convincing websites -- but it should at least remind people to never, ever email their password. Right?

    Not so much. A few days later, Jeff was forced to send an update to his previous email.

    From: Jeff W. Anderson, Ph.D.
    To: Everyone
    Priority: High
    Subject: Phishing Update


    I would like to stress, again, that you should NEVER send your user name and password to ANYONE through email. If you receive a request for this information, it is most likely an attempt to use your account for fraudulent purposes.

    In my previous alert, I included the text of a phishing email as an example. Some students misunderstood that I was asking for user name and password, and replied with that information. Please be aware that you shouldn’t provide this information to anyone.

    If you do receive an email requesting your credentials, please call the help desk at 244-3500, or forward the email to helpdesk@aum.edu. Do not reply to the message, even if it states that you account will be disabled.

    I apologize for the confusion.

    Thank you,

    Jeff W. Anderson, Ph.D.
    Chief Information Officer
    Auburn University - Montgomery

  2. #2

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    6,069
    Thank Post
    902
    Thanked 1,013 Times in 825 Posts
    Blog Entries
    9
    Rep Power
    350
    I had a very very good Phishing attempt a couple of months back (attempt on me, not me attempting to phish - oh you know what I mean). I thought my ebay account had been hacked and someone was purchasing using my paypal details and credit cards.

    Thank good Firefox 3 has a good built in Anti-Phishing service! I swear the e-mail, address bar, everything I thought to check all looked as it should. I was very impressed and nearly caught out



SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •