Vanderbilt University Once Again Confronts Phishing Attack
Hackers recently executed one dangerous phishing scam on the e-mail users of Vanderbilt (Nashville, Tennessee, USA), cautioned officials of VUIT (Vanderbilt University Information Technology) that vanderbilt.edu published in news on November 10, 2014. As early as 4:53a.m on 8th November, 2014, an internal electronic mail A/C of Vanderbilt seemingly dispatched one phishing message to some 16,000 Internauts in the university.
The message asserted it was one vital notification from Vanderbilt ITS and that the receiver should follow two given web-links for providing the username, password and address of his e-mail. The request was, however, unlawful wherein some unauthorized entity sent it through one Vanderbilt e-mail A/C it first compromised.
The phisher understandably aimed at encouraging other Vanderbilt end-users towards giving their VUnetIDs along with ePasswords on spoofed websites obtainable through the links on the e-mail.As per Security Operations Director Salvador Ortega for VUIT, there's an investigation presently going on into the phishing assault. According to him, the assault chiefly aimed at the university's medical department.
Reportedly, it isn't the lone phishing assault at the campus in 2014. Previously during the year, electronic mails got dispatched from outside Vanderbilt's main e-mail system, to which VUIT started appending a tag "[External]" within their captions, a measure adopted for preventing the undesirable phishing assault.
According to Ortega yet again, the present phishing attack against the university isn't unprecedented. There is one, everyday, at Vanderbilt. It is merely that the current one managed to be widespread, says the director. Vanderbilthustler.com published this dated November 12, 2014. Ortega explains that VUIT continuously modifies its defenses for newer assaults while accommodates accordingly to the fresh techniques which the attackers possess.
According to him, the end-user is foremost in the series of defense lines vis-à-vis attackers' fresh tricks. Hence, in case any Vanderbilt inmate gets the above kind of phishing e-mail he shouldn't send his VUnetIDs/ePasswords in reply to the message. Instead, he should delete it alternatively, inform Vanderbilt regarding it. Any form of answering the e-mail simply indicates the recipient's e-mail id is active; consequently, the sender can use that particular id for dispatching more spam later on.