Phishing scams, which have plagued Stanford students over the past two years, have become increasingly sophisticated in their attempts to solicit private information. In the most recent series of attacks affecting Stanford, scammers are now posing as governmental agencies offering protection from future scamming.

“The National Credit Union Administration (NCUA) and U.S. Government developed a project to protect your bank account and credit card against Internet fraud, but for this we need your help,” reads one email. “You just have to register with us.”

The link below directs the recipient to a fake Web site that asks for sensitive credit card information that can be used for unauthorized purchases.

The emails all contain links and sender addresses from the .gov domain, providing an illusion of authenticity. According to Jon Pilat, manager of Unix Systems in IT Services, email addresses can be easily forged.

Pilat added that attacks that require a Web site to enter information have no need for a valid email address, since email is not involved in the information collection process. He added, however, that phishing scams requiring email response can still fake a “from” address that is displayed to the recipient.

Students who fall victim to these scams have few options. Pilat said that the type of information submitted to scammers determines the victims’ next course of action.

“If students have given out their credit card information, they should call their credit card company to close their account to reduce the chance of fraud and identity theft,” Pilat said. “If students have exposed an account’s username and password, they should immediately change that information and inform the account provider.”