Computer Services logo
 

 
Memorandum
 
To: The University Community
From:
 Ken Ihrer,
Chief Information Security Officer
Date:
June 24, 2008
Subject:
 FBI Reports on New Phishing Scams

The Federal Bureau of Investigation (FBI) has recently made us aware of two on-going phishing schemes that are starting to show up in this area. These are much different than previous scams and I wanted to make you aware of them.

The first is a method called a "vishing" attack which is carried out over the phone. Victims will receive a call from a person claiming to be from the office that oversees jury duty. The person will tell you that you failed to show up for jury duty and now a warrant is out for your arrest. Of course, the caller expects you to protest that you never received the summons. After you protest, the caller will indicate that you can be rescheduled but you will have to verify your identification. The information requested usually includes your Social Security number, date of birth, driver’s license number and address.

The second method I would like to warn you about is referred to as spear phishing. A spear phishing exploit is targeted towards specific persons, typically in highly visible positions. These attacks use publically available information about potential victims to build an attack plan. The way this attack works is you will receive a very official looking e-mail message (containing personal information about you) claiming that a federal investigation has turned up evidence of wrongdoing on your part and you are now being served a warrant. The email will request that you to click on a link for information about the warrant. Once you click on the link, a Trojan (virus) will be loaded onto your computer and used to capture information such as your passwords and personal data.

As you know, these types of attacks are not new to Temple. We should all expect the attacks to continue and, as you can see, to get even more sophisticated. The University was hit by a major phishing attack a few weeks ago that, to a much lesser degree, is still going on. We were very surprised at how many Temple community members actually responded to these scams and gave away personal information.

To safeguard your privacy, please remember that you should NEVER give personal information over the phone to unsolicited sources, or in response to an e-mail. Also, you should NEVER open a link in an e-mail message unless you are absolutely positive that you know who the sender is.

As always, Computer Services will continue to look for ways to provide better security and privacy to our University Community and also to keep you informed. For more information on Computer Security, please visit our website at www.temple.edu/cs/security.