SectionsStudents duped by e-mail scam warning
Stephen Herzog
Issue date: 9/4/08 Section: News
Missouri State University attempted to warn students of an e-mail scam last week, but apparently some students didn't get the message.
Computer Services sent out an e-mail warning students of the possible phishing scam, with an example of what the e-mail might say. About 100 students responded to the Computer Services' warning e-mail by providing the information asked for in the scam, said Patrick Day, coordinator of operations and systems for Computer Services.
"With that information, I could have used their e-mail to send a threatening letter to the president of the United States, and they'd be in jail right now," Day said. "I could have created a phony credit card in their name, and they'd be bankrupt by the end of the month."
And that was only students responding to a warning about e-mail scam that was not as professional-looking as a scam that targeted the university in July.
"They weren't even taking 15 seconds to read it and see what it was," Day said.
He said the scam last week had poorer spelling and grammar, which is similar to what they see on most phishing scams.
In July, the department received a report of a much more professional-looking e-mail from "Missouri State University CAMS" with the subject line "Your OWA verification update." The message asked for a "private ID and password."
"Once we received a report, we immediately used network equipment to block this address so it was unable to send anything else," said Jeff Morrissey, director of Computer Services.
The department's equipment also allowed it to block the account, which originated from Yahoo, from receiving any reply from within the Missouri State system.
Morrissey said this scam was different than past instances because it was modeled to look as if it came from Missouri State.
The e-mail included the university term "CAMS" which stands for Computer Account Management System, a term used within the university's computer administration. Morrissey said he didn't believe the inclusion of this term indicated it was sent from someone within the system, partly because the message used a different header.
Computer Services sent out an e-mail warning students of the possible phishing scam, with an example of what the e-mail might say. About 100 students responded to the Computer Services' warning e-mail by providing the information asked for in the scam, said Patrick Day, coordinator of operations and systems for Computer Services.
"With that information, I could have used their e-mail to send a threatening letter to the president of the United States, and they'd be in jail right now," Day said. "I could have created a phony credit card in their name, and they'd be bankrupt by the end of the month."
And that was only students responding to a warning about e-mail scam that was not as professional-looking as a scam that targeted the university in July.
"They weren't even taking 15 seconds to read it and see what it was," Day said.
He said the scam last week had poorer spelling and grammar, which is similar to what they see on most phishing scams.
In July, the department received a report of a much more professional-looking e-mail from "Missouri State University CAMS" with the subject line "Your OWA verification update." The message asked for a "private ID and password."
"Once we received a report, we immediately used network equipment to block this address so it was unable to send anything else," said Jeff Morrissey, director of Computer Services.
The department's equipment also allowed it to block the account, which originated from Yahoo, from receiving any reply from within the Missouri State system.
Morrissey said this scam was different than past instances because it was modeled to look as if it came from Missouri State.
The e-mail included the university term "CAMS" which stands for Computer Account Management System, a term used within the university's computer administration. Morrissey said he didn't believe the inclusion of this term indicated it was sent from someone within the system, partly because the message used a different header.
Be the first to comment on this story