NC State email users were the target of a new slicker phishing attack on Thursday night, July 9, 2009. The phishing emails went to about 800 users. Do not click on the link in this copy of the phishing email, which is being provided for educational purposes only.
This attack was different from others that OIT has been receiving. The emails arrived with subject of “Mandatory Security Update: July 2009.”
The phishing emails were marked by PureMessage as spam. They didn’t have a reply-to address. Instead, the message said to click on the link in the message to login and make sure your account was up-to-date.
The email was in html and appeared to be from: firstname.lastname@example.org. The email was in HTML format and had a link to a copy of the webmail login screen. This phishing site was a very good copy of . The clues that it was a fake were:
- The URL of the link the reader was supposed to click on (http://ncsu.edu.ec-uk.org/) to verify their account information didn’t use https
- The domain of that URL didn’t end in ncsu.edu
In response to phishing sites that are copies of NC State web pages, OIT will add a DNS block on the URL after it has been discovered. This will cause those on campus using the OIT DNS servers to get directed to a warning webpage if they browse to the phishing site.
We will also report the forgery to major search engines and antivirus companies so they can update the web reputation of the URL. Those using Officescan’s web reputation service or the one available with the latest versions of Internet Explorer and Firefox would then get a warning if they visited the phishing site. This is to warn users that are off-campus.
Take a look at the website above describing this incident. Feel free to use it to educate others on avoiding these phishing sites.