Seemingly legitimate emails have been sent out recently by an online data thief to University of Iowa students’ Hawkmail accounts. Using key phrases that would normally appear in an authentic UI message, the email strives to deceive students into providing their login information and other more personal identification information.
Most recently, the “spear phishing” scams have consisted of phrases such as “Your HawkID was compromised” or “Your UI NETID was compromised.” The emails reportedly appear to be legitimate and are endorsed with the UI logo and university’s name. According to the UI, five UI people are fooled into sharing their login with an identity thief every day.
The recipient is directed to a Russian website to “reconfirm your login details, ” allow a “monitoring alert system” to prevent further compromise, or to “block the suspicious IP.”
The UI police warn users to be cautious when using email, saying these are not legitimate messages and users will never be sent an email asking to confirm log-in information or to confirm sensitive personal information. Reportedly, if a user clicks on the link, the identity-theft scam will silently install malicious software on their computer, in addition to gathering the user’s personal information.Â
— by Greta Meyle