Impersonation
Email Hoax Traced to University of Colorado Denver
Quick Facts
- Date: 10/9/2009
- Institution: University of Colorado, Denver
- Type of Incident: Impersonation
- Number Affected: N/A
- Source: ESI
- Abstract Source: ABC 7 Denver
Abstract
An email hoax claiming the Denver Columbus Day parade was canceled was traced to a University of Colorado, Denver computer. The email, which claimed to be from president of the Sons of Italy Columbus Day Parade Committee Richard SaBell, was traced to a public kiosk computer at the university that is open for public use. Denver police have seized the computer and are conducting an investigation into the hoax. The person responsible could face charges of fraud and identity theft. In addition, the university is very concerned over this incident and considers the hoax unauthorized use of a campus computer.
[Update1]University of Illinois Tracking Down Fraudent Email From Chancellor
Quick Facts
- Date: 9/2/2008
- Institution: University of Illinois
- Type of Incident: Impersonation
- Number Affected: 1
- Source: ESI
- Abstract Source: News Gazette
- Update1 Source: Daily Illini
Abstract
University of Illinois officials are working to track down who sent a fraudulent email message purportedly from Chancellor Richard Herman. The e-mail message, sent from the chancellor AT uillinois.edu e-mail account, denounces fraternities and sororities calling recruiting activities "aggressive" and claiming that such organizations "perpetuate social inequality, especially with respect to the opposite gender, and promote a lack of diversity." According to officials within the Office of the Chancellor, which controls the chancellor AT uillinois.edu, the e-mail was sent from the account but that the e-mail was not sent by the chancellor. The Campus Information Technologies and Educational Services (CITES) staff is looking into how this e-mail was sent and is attempting to determine how many people received the fraudulent e-mail. According to Robin Kaler, the UI's associate chancellor for public affairs, the university plans to take disciplinary action against the individual responsible for sending the e-mail.
Update1
According to Mike Corn, director of security and privacy for CITES, the hoax email was not the result of a security breach. While the email appeared to be sent to "everyone@uillinois.edu", that was not the case. According to Corn, this part of the email was just text and the email was just another form of "phishing", designed to get grab everyone's attention.
Hackers Use University of Otago Email Accounts To Send 1.55 Million Spam Messages
Quick Facts
- Date: 8/15/2008
- Institution: University of Otago
- Type of Incident: Impersonation
- Number Affected: 4
- Source: Pogo Was Right
- Abstract Source: Otago Daily Times
Abstract
Computer criminals were able to gain access to four University of Otago email accounts and use this access to send out 1.55 million spam messages. The computer accounts, belonging to university employees, were compromised after the university was targeted with a wave of "spear phish" emails asking recipients to respond with username and password information. The four employees do not face any disciplinary action but instead the university's information security office is using this as an opportunity to reach out to the university community.
Update 7/31/2009: Please note that this story was incorrectly attributed to the University of Oregon in the ESI Year in Review 2008. I would like to apologize to the University of Oregon for this mistake and thank Don Harris and John Miyake for alerting ESI to this error. A corrected version of the YiR will be available shortly
Havard Student Caught Making Fake IDs
Quick Facts
- Date: 1/9/2008
- Institution: Harvard University
- Type of Incident: Impersonation
- Number Affected: Unknown
- Source: ESI
- Abstract Source: The Harvard Crimson
Abstract
Theodore R. Pak, a Harvard undergraduate student, has been caught creating false identification including state drivers licenses and Harvard identification cards. Some of the Harvard ID cards allow access to student buildings and "Crimson Cash" accounts according to university officials. According to officials, there is no evidence that the fake ID cards were used to fraudulently access cash or personal information. However, Harvard sent a letter to Crimson Cash account holders suggesting these individuals review their accounts for fraudulent activity. At this point it is unclear whether or not the cards were used to gain unauthorized access to buildings.
CPCC Student Worker Suspected of ID Theft
Quick Facts
- Date: 1/4/2008
- Institution: Central Piedmont Community College
- Type of Incident: Impersonation
- Number Affected: Unknown
- Source: ESI
- Abstract: WCNC
Abstract
A Central Piedmont Community College student worker previously charged with embezzlement is also suspected of using her access to employee files to commit identity theft. According to the 18-year-old's former supervisor, beyond using the supervisor's credit card at Wal-Mart, the supervisor saw the student worker copy down names, Social Security numbers and birth dates from employee files. After searching the student workers house, police discovered a credit card, business card, prepaid Visa, insurance card and student identification in other people's names. CPCC officials have changed some of its security measures and are asking employees to check their personal information.
