
Network Notices

"Phishing" and the potential end result

posted 10-5-09

 

Greetings,

 

Please read this!
"Phishing" has not gone away. It will not go away until people quit responding to junk e-mail that makes requests for user accounts and passwords. I would like to remind all of you that my office will not solicit your user name (which we already have) or your password for your account on campus. Further, I know of NO system administrator that would solicit such information online. I urge you to delete all e-mail requests of this type. We really cannot block them all and some do get past our system.

 

I would recommend that you refer to some of the older "Network Notices" at the following URL:
http://www.wsc.edu/it/network_notices/

 

There are a number of notices in this listing that were written last year in regard to "phishing." I think it would be good to review them as most of that information has not changed.

 

Recently we had a couple of our campus computers compromised as a result of "phishing" requests that were submitted via e-mail in the traditional sense. The end result was that the staff computers were controlled in ways that most people cannot even comprehend. And we ended up being involved in some very illegal activities that negatively affected several banks on the east coast. I am "pasting" excerpts from one of the technical people at a bank that was also compromised as a result of what happened on our campus:

 

Thanks very much for all the info. I will enter it into our records
associated with this incident. If you do have the list of recipient
email addresses attempted - that would be great.

Following is what I've been able to determine thus far...
Perps "hijack" domain name registered with domain registration company in Australia
Perps hijack computer (or computers - creating a botnet) - one we know of was at Wayne State College in Nebraska
Perps use botnet to send out emails in hopes of finding a "recruit" that will do what they ask
Perps locate an individual who agrees to do what they ask ("Mule" or "Pigeon" - depending on whether you believe the person knows they're assisting in illegal activity or doesn't)
Perps instruct Mule to open account with minimal deposit and access online banking system - so perps can get info needed to recreate site
Perps create bogus website\pages using hijacked domain name and host it with web site hosting company in Texas
Perps use botnet to send out bogus emails containing link to their site asking people for their credentials
Customers unwittingly click on link in bogus email, go to site and enter their credentials - giving perps their credentials
Perps use the credentials to log on to customer's account
Perps transfer money from customer's account into account opened by Mule
Perps tell Mule to go to bank, withdraw money (making sure amount doesn't raise flags), keep portion for themselves and send remainder to perps

In this case our employees questioned the person that came in to make
the withdrawal - and no money was taken. We've reported the incident to
local law enforcement, state police and feds but honestly no one seems
too enthusiastic about pursuing the issue or optimistic about actually
finding the person or people who are behind this.

Thanks again for all your help with this.

 

Dennis Linster

Chief Information Officer

Wayne State College
