Ramped-up phishing attacks target universities around the world

Phishing attacks are easily one of the most common and effective methods of social engineering. For this reason, every facet of society is attacked via phishing, and it appears that the academic sphere is being affected rather significantly. Back when I was in college, phishing attacks were not uncommon as my university email would become the target of social engineers with an annoying frequency. As research from Kaspersky Lab shows, however, phishing attacks against academic institutions have increased in scope and complexity.

As Nadezhda Demidova reported for the Kaspersky blog Securelist, 131 universities have been targeted by phishing attacks so far. The majority of these universities are in the United States, with the others located in the United Kingdom, Australia, Canada, Finland, Colombia, Hong Kong, India, Israel, the Netherlands, New Zealand, Poland, South Africa, Sweden, Switzerland, and the United Arab Emirates. Of the universities in this list, Demidova states that the most attacked institutions are the University of Washington, Cornell University, and the University of Iowa.

The phishing attacks use tactics similar to those of banking phishing attacks: a fake website that looks identical to the real one comes up when the victim takes the bait. As the Securelist article states, the motivation here is not financial but rather academic. The treasure trove of research findings at top universities can be just as valuable and, with the right credentials, can be easily accessed. Demidova says this about the actual phishing pages studied:

Despite the browser warning and, as in the case of the Cornell University fake page, the prompt to check the address bar (copied by the attackers from the original site), users often fail to spot the difference. While analyzing the scripts of one of the phishing pages, we noticed that alongside usernames and passwords, fraudsters collect information about IP addresses and the victim’s location. Cybercriminals can use this data to circumvent anti-fraud systems by masquerading as account holders.

The easiest way to avoid these phishing attacks is to be more diligent in noticing anything slightly “off” about the page. Considering that students and faculty log in to their college's homepage often, they should know what the proper URL is and how to detect any odd mistakes in the page like spelling errors.
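The address-bar check described above can be made mechanical. The following is an added example, not code from the article or from Kaspersky: it compares the host of a login URL against an exact allowlist and names the reason a lookalike fails. The host names (`weblogin.university.example`, `sso.university.example`) and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the institution's genuine login hosts (hypothetical names).
TRUSTED_HOSTS = frozenset({"weblogin.university.example", "sso.university.example"})


def check_login_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reason) for a URL a user is about to enter credentials into."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased by urlsplit
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://real.host@other.host/" connects to other.host, not real.host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no host"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "host is not a valid domain name"
    # Non-ASCII look-alike letters end up as punycode ("xn--") labels.
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return False, "internationalized label (possible homograph)"
    if ascii_host in trusted_hosts:
        return True, "exact match"
    # The trusted name appearing anywhere else in the host is a classic decoy.
    if any(trusted in ascii_host for trusted in trusted_hosts):
        return False, "trusted name embedded in a different host"
    return False, "unknown host"


# Constructed sample URLs: one genuine, the rest typical lookalike patterns.
SAMPLES = [
    "https://weblogin.university.example/login",
    "http://weblogin.university.example/login",
    "https://weblogin.university.example.evil.example/login",
    "https://weblogin.university.example@evil.example/login",
    "https://weblogin.univers1ty.example/login",
    "https://weblogin.univers\u0456ty.example/login",  # Cyrillic i (U+0456)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

Only an exact host match passes; substring or "looks right" comparisons are what the lookalike patterns in the sample list are built to defeat.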


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
