CHAMPAIGN, Ill. — A two-part computer phishing scam made to steal banking passwords has attacked University of Illinois computer users and their off-campus email contacts from as far as Ohio.

The scam’s first wave was an email saying the user had authorized a large payment, Brian Mertz, a spokesman for the university’s Technology Services told The News-Gazette . The email included an attachment with a piece of malware that infected the user’s computer and read its address book.

The users’ address books were used to send a second wave of emails with a fax attachment known as a “banking Trojan.”

“We’ve seen this fax attack before,” Mertz said.

Mertz said the fax attack is used to steal passwords. He said Technology Services has disabled and blocked the malware attachment from users.

“That was our way of stopping the spread of the risk farther on campus,” Mertz said.

The emails came from what seemed to be a legitimate sender and had an illinois.edu address.

“That name that people recognize is what made this a dangerous and tricky phishing attack,” Mertz said.

Mertz advised that anyone who opened the fax before it was disabled should run an anti-malware software and make sure it says “everything is clean” before updating their passwords.

“If you try to update them first, TrickBot will just steal your passwords,” Mertz said.

Mertz suggested that anyone who received the email should delete it.


Information from: The News-Gazette, http://www.news-gazette.com