Educause Security Discussion mailing list archives

Re: More spear phishing + vishing

From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Fri, 4 Jul 2008 12:29:11 -0400

Thanks Julie for posting this.  I had mentioned to others here at our university several months ago that attackers 
would end up using phone calls once we blocked the e-mail avenue.  We had seen e-mails telling people to call automated 
numbers but, to my knowledge, have not received any automated calls or SMS messages.
 
Has anyone had any attacks that solicit campus account information via phone that you are aware of?
 
Matt
 
Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu 
<https://fsmail.fairmontstate.edu/exchweb/bin/redir.asp?URL=http://www.fairmontstate.edu/> 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv on behalf of Fugett, Julie C
Sent: Thu 7/3/2008 10:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] More spear phishing + vishing


I just wanted to add that these people (I use the term loosely) are now text messaging members of the Lawrence and KU 
communities.  We're keeping people updated via our blog, among other places.  The entry is here:
 
http://www2.ku.edu/~privacy/cgi-bin/mydrupal/?q=node/91
 
-Julie

________________________________

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Fugett, 
Julie C
Sent: Monday, June 30, 2008 4:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] More spear phishing + vishing



I wanted to share this as it may be arriving soon at a community near you. 

KU and the Lawrence community were hit by a hybrid phishing and vishing (voice phishing) attack over the weekend.  
Residents received calls Saturday night.  The calls do not appear to be limited to just members of the KU community--my 
theory is they were wardialing through all the local exchanges.  I had a message on my  machine from about 10pm, but 
according to the paper some people were called as late (early?) as 1:30-2am.  It appeared that the group doing the 
calling may have followed up with e-mails as well.

http://www2.ljworld.com/news/2008/jun/30/beware_fraudulent_callers_soliciting_personal_info/ 
<http://www2.ljworld.com/news/2008/jun/30/beware_fraudulent_callers_soliciting_personal_info/>  

-Julie 
____________________________________________ 
Julie C. Fugett, CISSP, CCE                     
Information Security Analyst 
IT Security Office, A division of Information Services 
The University of Kansas        
     
http://www.security.ku.edu <http://www.security.ku.edu/>  
http://www.beseKUre.ku.edu <http://www.besekure.ku.edu/>

Current thread:

Re: More spear phishing + vishing Fugett, Julie C (Jul 03)
- <Possible follow-ups>
- Re: More spear phishing + vishing Jenkins, Matthew (Jul 04)
- Re: More spear phishing + vishing Fugett, Julie C (Jul 04)