Wednesday, July 22, 2009

Phishing Attack Foiled

(Originally published July 16,2009)
I have seen a lot of clever and some not-so-clever phishing scams. I just saw the following in the Chronicle's Wired Campus:

After business hours last Thursday night, an e-mail message popped into the in boxes of 800 people at North Carolina State University with the subject line “Mandatory Security Update: July 2009.” The e-mail message, which claimed to be from the IT Help Desk, said that in an effort to block spam, all e-mail users had to click a link to the university’s e-mail sign-in page and enter their user name and password.

It seemed perfectly normal — the image icons were the same, and links to the home page and directory all looked fine.

But it was all a hoax.

While this attack may not be the most original, the response by North Carolina State was outstanding. They stopped the attack before any real damage could be done. Then they realized something else. The phishers had such a good-looking site because they were copying the actual graphics from the school's own site. So, guess what? They changed the graphics to say "THIS IS A PHISHING SITE. Do not enter your password".

These guys at NC State are rock stars! For a complete rundown with copies of the NC State response, visit their site which also gives a complete blow-by-blow of their actions.

And you thought they were only good at basketball!

No comments:

Post a Comment