Ramped-up phishing attacks target universities around the world

Phishing attacks are easily one of the most common and effective methods of social engineering. Every facet of society is attacked via phishing for this reason, and it appears that the academic sphere is being affected rather significantly. Back when I was in college, phishing attacks were not uncommon as my university email would become the target of social engineers with an annoying frequency. As research from Kaspersky Lab shows, however, phishing attacks against academic institutions have increased in scope and complexity.

As Nadezhda Demidova reported for the Kaspersky blog Securelist, there have currently been 131 universities targeted by phishing attacks. The majority of these universities are in the United States, with the additional countries being the United Kingdom, Australia, Canada, Finland, Colombia, Hong Kong, India, Israel, the Netherlands, New Zealand, Poland, South Africa, Sweden, Switzerland, and the United Arab Emirates. Of the universities in this list, Demidova states that the most attacked institutions are the University of Washington, Cornell University, and the University of Iowa.

The phishing attacks use tactics similar to those of banking phishing attacks: a victim who takes the bait lands on a fake website that looks identical to the real one. As the Securelist article states, the motivation here is not financial but rather academic. The treasure trove of research findings at top universities can be just as valuable and, with the right credentials, can be easily accessed. Demidova says this about the actual phishing pages studied:

“Despite the browser warning and, as in the case of the Cornell University fake page, the prompt to check the address bar (copied by the attackers from the original site), users often fail to spot the difference. While analyzing the scripts of one of the phishing pages, we noticed that alongside usernames and passwords, fraudsters collect information about IP addresses and the victim’s location. Cybercriminals can use this data to circumvent anti-fraud systems by masquerading as account holders.”

The easiest way to avoid these phishing attacks is to be more diligent in noticing anything slightly “off” about the page. Considering that students and faculty log in to their college's homepage often, they should know what the proper URL is and how to spot oddities in the page, such as spelling errors.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
