
Students targeted with university-themed phishing emails


A new phishing campaign has been discovered that impersonates communications from universities. Like many other phishing attacks, the scam aims to trick individuals into handing over their Office 365 credentials.

Cloud-based email security firm Zix discovered the attack back in October, after identifying suspicious activity coming from legitimate university .EDU servers. Threat actors would sometimes impersonate a university’s IT department, telling targets to take action before a fictitious expiry deadline if they wanted to keep their current Office 365 password.

Potential phishing victims were then redirected to a domain that asked visitors to authenticate themselves by entering their Office 365 usernames and passwords – unwittingly handing them over to the attacker. A similar technique was employed in order to steal Outlook credentials.

Phishing season

The AppRiver team at Zix identified this phishing campaign as particularly noteworthy for the way that it bypassed a number of sender verification checks, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).
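Because the messages left legitimate university servers, a passing SPF, DKIM and DMARC result says nothing about intent, so triage has to look at content as well. The sketch below is an added example, not code from Zix or the article: it reads the `Authentication-Results` header of a constructed sample message and flags a password-expiry lure whose link leaves the sender's domain. All domains are placeholders and the sign-in allowlist is an assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not taken from the campaign); domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=university.example.edu; dkim=pass header.d=university.example.edu; dmarc=pass header.from=university.example.edu
From: IT Help Desk <helpdesk@university.example.edu>
To: student@university.example.edu
Subject: Your Office 365 password expires today

To keep your current password, sign in before the deadline:
https://portal.login-check.example.net/o365/
"""

# Wording typical of the lure described above: password expiry, "keep your password".
LURE = re.compile(r"password.{0,40}expir|keep.{0,30}password", re.I | re.S)
# Assumed allowlist of hosts a genuine Office 365 sign-in link may point to.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}


def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'pass', 'dmarc': 'pass'}."""
    header = msg.get("Authentication-Results", "")
    pairs = re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {m.group(1).lower(): m.group(2).lower() for m in pairs}


def triage(raw):
    """Score one plain-text message on content, independent of sender checks."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    sender = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    body = msg.get_payload()
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    # A link is off-domain if it is neither under the sender's domain nor allowlisted.
    off_domain = sorted(
        h for h in hosts
        if h and h not in TRUSTED_LOGIN_HOSTS
        and h != sender and not h.endswith("." + sender)
    )
    findings = []
    if LURE.search(msg.get("Subject", "") + "\n" + body):
        findings.append("password-expiry lure")
    if off_domain:
        findings.append("link leaves sender domain: " + ", ".join(off_domain))
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    return {"authenticated": authenticated, "findings": findings,
            "suspicious": len(findings) == 2}
```

On the sample, `triage` reports the message as fully authenticated and suspicious at the same time, which is the gap a filter that trusts sender verification alone would miss.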

Although corporate phishing campaigns attract much of the attention, scams targeting the education sector are not uncommon. In October, Malwarebytes highlighted another phishing attack that was directing efforts against universities and schools.

More generally, phishing campaigns seem to have thrived this year, with threat actors taking advantage of the confusion and misinformation that has surrounded the coronavirus pandemic. Zix has recommended that organizations, whether in the corporate or education sector, become better prepared for the many phishing threats circulating today. In addition to investing in a robust email security solution, organizations should also train their staff to remain vigilant against suspicious emails.

Via Zix