A new e-mail phishing scam is currently circulating Cornell, directing users to an almost exact replica of Cornell’s authentication site, C.U. WebLogin.
“A sophisticated and aggressive phishing attempt is currently circulating Cornell, trying to trick people into giving away their NetID and password,” stated CIT’s website in a Sept. 29 news brief. “In a new twist, this phish also asks that the recipient forward the message to other Cornellians.”
The scam claims that the user’s e-mail account will be suspended unless the user provides a NetID and password. Perhaps more troubling, the user is then directed to a realistic C.U. WebLogin reproduction.
“This very specific phish just popped up about a week ago,” Wyman Miles, CIT manager of security engineering, stated in an e-mail. “What made [it] so unique is that it used a webpage that looked exactly like the C.U. web login page, and a subsequent phish used some language about our mail transition this fall that added to the credibility of the phish.”
The CIT website advises users not to respond to this phishing attempt, not to click on the links provided in the e-mail and especially not to forward the e-mail to other students. Students who have already divulged their information to the scam are advised to immediately change their password and security questions.
When asked how to avoid these phishing scams, Miles responded, “[CIT] won’t ask people for NetID passwords over an e-mail. We won’t ask for any other personal information. The return addresses [on the phish] won’t look right. Composition and grammar of the mail message is generally pretty poor.”
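The warning signs listed above (a request for a NetID or password, a return address that does not look right, a look-alike login link, and a request to forward the message on) can be turned into a simple inbound mail screen. The following is an added illustration written for this page; it is not CIT's code or tooling. The institutional domain `cornell.edu`, the two sample messages, the indicator names and the weights are all constructed assumptions, and the check is a heuristic to flag messages for review, not a substitute for mail-gateway filtering.

```python
"""Heuristic phishing screen for inbound e-mail (added example, not CIT code).

It scores a raw RFC 822 message on the indicators described in the article:
external or mismatched sender addresses, links to look-alike hosts, a threat
of suspension paired with a credential request, and a request to forward.
"""
import re
from email import message_from_string
from urllib.parse import urlparse

ORG_DOMAIN = "cornell.edu"          # assumed institutional domain (constructed)
ORG_LABEL = ORG_DOMAIN.split(".")[0]  # "cornell": used to spot look-alike hosts

CREDENTIAL_RE = re.compile(r"\b(netid|password|passcode)\b", re.I)
THREAT_RE = re.compile(r"\b(suspend(ed|sion)?|deactivat(e|ed|ion)|terminat(e|ed|ion))\b", re.I)
FORWARD_RE = re.compile(r"\bforward (this|the) (message|e-?mail)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def address_domain(header_value):
    """Domain part of a header like 'Name <user@host>'; '' if absent."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def is_org_host(host):
    """True for the institutional domain or any subdomain of it."""
    host = host.lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def message_text(msg):
    """Subject plus every text/plain body, so phrases in either are caught."""
    parts = [msg.get("Subject", "")]
    if msg.is_multipart():
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                parts.append(part.get_payload(decode=True).decode(errors="replace"))
    else:
        parts.append(msg.get_payload())
    return "\n".join(parts)


def score_message(raw):
    """Return {'score', 'indicators', 'verdict'} for one raw message string."""
    msg = message_from_string(raw)
    text = message_text(msg)
    indicators = []  # (name, weight); weights are constructed for this example

    from_domain = address_domain(msg.get("From"))
    if not is_org_host(from_domain):
        indicators.append(("external_sender", 1))
    reply_domain = address_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        indicators.append(("reply_to_mismatch", 1))

    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if is_org_host(host):
            continue
        # A foreign host that embeds the institution's name is the classic
        # fake-login-page pattern; weight it above an ordinary external link.
        if ORG_LABEL in host:
            indicators.append(("lookalike_link", 2))
        else:
            indicators.append(("offsite_link", 1))

    if CREDENTIAL_RE.search(text) and THREAT_RE.search(text):
        indicators.append(("credential_threat", 2))
    if FORWARD_RE.search(text):
        indicators.append(("forward_request", 1))

    score = sum(w for _, w in indicators)
    verdict = "likely phish" if score >= 3 else "no strong indicators"
    return {"score": score, "indicators": [n for n, _ in indicators], "verdict": verdict}


# Constructed sample messages (not real mail from the incident).
PHISH = """\
From: CIT Helpdesk <helpdesk@cit-support-mail.example>
Reply-To: verify@cu-weblogin-verify.example
To: student@cornell.edu
Subject: Your Cornell e-mail will be suspended

Your account will be suspended unless you confirm your NetID and password at
http://cornell.weblogin-verify.example/login
Please forward this message to other Cornellians.
"""

LEGIT = """\
From: IT Service Desk <itservicedesk@cornell.edu>
To: student@cornell.edu
Subject: Scheduled maintenance

Mail service will be unavailable Saturday 2-4am. No action is needed.
See https://it.cornell.edu/status for details.
"""

if __name__ == "__main__":
    for label, raw in (("constructed phish", PHISH), ("constructed legit", LEGIT)):
        print(label, score_message(raw))
```

The verdict threshold is deliberately low because a single weighted indicator (a look-alike host, or a suspension threat next to a password request) is usually enough to justify a human look; tune the weights to your own mail stream before acting on the verdict automatically.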
Miles was unaware of the number of students who have fallen victim to this particular scam.
“We will contact the owner of the account when the accounts start being misused,” he stated.
Miles expressed doubt over whether the criminals behind these and other phishing attempts will be found and held legally accountable.
“The folks who do these sorts of things are almost always overseas so they are out of legal reach,” Miles stated, adding that this particular scam is generated from a server in the Cocos Islands (a territory of Australia). “They are also using compromised accounts so tracking them down becomes exceedingly difficult.”