University e-mail accounts were bombarded Wednesday by a phishing scam. An e-mail claiming to be from Hancock Bank requested that recipients complete a survey for a chance to win a $500 prize. Andrew Jones, business freshman, fell victim to the scam. Jones said he completed the entire survey Wednesday and provided his full name, address, Social Security number, credit card number, credit card security code and PIN. Jones said the University should install a better spam filter. He said he contacted a credit monitoring agency about his situation. “They said they would look into it, and if they see any activity or if it gets too bad, they would shut down the account,” Jones said. Jones said he is not a Hancock Bank member. The message was sent by [email protected]. When The Daily Reveille attempted to access the survey Thursday, the link connected to the main page of Hancockbankq.com. The official Hancock Bank Web site warns of phishing attempts. Legitimate e-mail messages will address the customer by name and will never collect personal information, according to the Web site. Brian Nichols, University Information Technology Services security and policy officer, said his office received no complaints about the e-mail. Sheri Thompson, ITS communications and planning officer, said phishing attempts are a form of spam, and there is no way to determine how spammers obtain University e-mail addresses. Thompson said signing up for Facebook.com or MySpace.com accounts with a University e-mail might make users vulnerable to spam. “Be diligent, and be an active participant in your credit history,” Thompson said. Thompson recommends students sign up for the University’s free credit monitoring service with Equifax. Nichols said he will only send out a broadcast e-mail if he receives several complaints about a particular instance of spamming. Nichols said he would post an update about the attempt on the ITS security and policy page. University student John Curcio created the Facebook group, “*IMPORTANT*: FAKE HANCOCK BANK EMAIL- GOING AROUND LSU EMAIL SYSTEM” in response to the e-mail. Curcio, computer science freshman, said he felt some students would be foolish enough to fall for the scam. Curcio said he felt Facebook would be the fastest way to warn students. He said he contacted ITS about the e-mail Wednesday. He said ITS should have warned students about the scam earlier. “The LSU community needs to know that the threat of phishing scams is real, and if the sites are created to look genuine enough, they can fool anybody without careful inspection,” Curcio said. The e-mail link originally directed users to the survey, he said. The main page and survey cannot be accessed from some computers. Curcio said he researched Hancockbankq.com and discovered it is based in Japan. Curcio is concerned there will be more phishing attempts by the message’s sender. “I’m pretty sure that since they have our e-mails now, and they know that the e-mails work, we’re probably going to get more of them later on,” Curcio said.
—-Contact Emily Holden at [email protected]