University e-mail accounts were bombarded by a phishing scam Wednesday. An e-mail claiming to be from Hancock Bank requested that recipients complete a survey for a chance to win a $500 prize. Andrew Jones, business freshman, fell victim to the scam. Jones said he completed the entire survey Wednesday and provided his full name, address, Social Security number, credit card number, credit card security code and PIN. Jones said the University should install a better spam filter. He said he contacted a credit monitoring agency about his situation. “They said they would look into it, and if they see any activity or if it gets too bad, they would shut down the account,” Jones said. Jones said he is not a Hancock Bank member. The message was sent by [email protected]. When the Daily Reveille attempted to access the survey on Thursday, the link connected to the main page of Hancockbankq.com. The official Hancock Bank Web site warns of phishing attempts. Legitimate e-mail messages will address the customer by name and will never collect personal information, according to the Web site. Brian Nichols, University Information Technology Services security and policy officer, said his office received no complaints about the e-mail. “I have not heard of this one in particular, but we get these just about every day, so this doesn’t surprise us at all,” Nichols said. Sheri Thompson, ITS communications and planning officer, said phishing attempts are a form of spam, and there is no way to determine how spammers obtain University e-mail addresses. Thompson said signing up for Facebook.com or Myspace.com accounts with a University e-mail might make users vulnerable to spam. “Be diligent and be an active participant in your credit history,” Thompson said. Thompson recommends students sign up for the University’s free credit monitoring service with Equifax. Nichols said he will only send out a broadcast e-mail if he receives several complaints about a particular instance of spamming. Nichols said he would post an update about the attempt on the ITS security and policy page. University student John Curcio created the Facebook group, “*IMPORTANT*: FAKE HANCOCK BANK EMAIL- GOING AROUND LSU EMAIL SYSTEM” in response to the e-mail. Curcio, computer science freshman, said he felt some students would be foolish enough to fall for the scam. “I didn’t know how fast the LSU security team would be able to get out the information,” Curcio said. Curcio said he felt Facebook would be the fastest way to warn students about the scam. He said he contacted ITS about the e-mail Wednesday. Curcio said ITS should have warned students about the scam earlier. “I think the LSU community needs to know that the threat of phishing scams is real, and if the sites are created to look genuine enough, they can fool anybody without careful inspection,” Curcio said. The e-mail link originally directed users to the survey, he said. The main page and survey cannot be accessed from some computers. Curcio said he researched Hancockbankq.com and discovered it is based in Japan. “Usually, if it’s in Japan, it takes a while for anyone to take it down,” Curcio said. Curcio is concerned there will be more phishing attempts by the message’s sender. “I’m pretty sure that since they have our e-mails now, and they know that the e-mails work, we’re probably going to get more of them later on,” Curcio said.
—-
Contact Emily Holden at [email protected].