Uni warns patients after doctor gets phished
Officials at the University of California at San Francisco have warned 600 patients that their medical information may have been leaked by a doctor who fell for a phishing scam. An email the unnamed physician received in September purported to come from UCSF IT workers performing an upgrade to internal servers. It asked for a …
Universities in the US and UK have been suffering a constant stream of very clever targetted phishing attacks for a couple of years now. Loughborough University in the UK developed an application to prevent people from sending their login details via email in response to these attacks. You can read about it and download it here: http://kochi.lboro.ac.uk/kochi1.html
It's the only course of action. People have to be made aware that THEY are responsible for information they give out. If they are on the net, the need to be aware of the risks and threats of the net. Just like drivers are trained to be aware* of the risks and threats on the road. Ignorance is not excuse and if they do claim ignorance they should be disconnected IMMEDIATELY and not reconnected until they prove competence.
People need to take responsibility for their actions and the only way to do that is to MAKE them responsible. Especially when they hold positions of responsibility like a doctor or similar. Once people get that the net is not just MyFaceTwit and poses real threats to them, they may take more care of how they set themselves up and what software they use.
Of course, there should also be action taken against phishers and their agents (those dumb enough to let their PCs become drones). ISPs forcibly disconnecting and disconnection of ISPs that do not take such action would be a good start.
*BMW, Merc and Lexus drivers excepted, they can carry on being total wankers.
"The mishap is the latest reminder that even people in high places can fall for phishing scams."
They are probably the most at risk group IMO. Partly due to the fact that they have their head up their own arse and those that don't are probably so busy with work picking up the slack from those with a missing head and an inflamed posterior that they don't notice the signs of a phishing scam.
(err jobs icon cause I felt like picking on him, I'll pick on gates later).
Why dont they keep logs of user activity. Such as who accesses the email from what IP etc and what emails they read?!
yet again this fraud of a self proclaimed profession is shown to have the intelligence and foresight of an amoeba's casting.
Sign up, sign up for The Register's weekly IT security newsletter - click here
