Multiple Phishing Attempts Targeted Major Universities

Kaspersky Lab warned that students and staffs of universities around the world should now become more cautious online, after the researchers detected around 1,000 phishing attempts that hit a minimum of 131 universities of 16 countries during last year.

All these attacks were tracked by Kaspersky Lab, and so they are continuously warning the schools as well as the universities about these ongoing phishing campaigns. The findings of Kaspersky Lab were published in a blog post of October 24. They noted that although these phishing incidents are continuing, but no schools have sustained any
data breach. The phishing attacks targeted schools such as the Cornell University, University of Washington, University of Iowa, Stanford University and Harvard Business School.

Kaspersky Lab's security researcher, Nadezhda Demidova, wrote to Security Now in an email that while a same group could be responsible for all these phishing campaigns, but the researchers don't have any proof that all these attacks were coordinated. Kaspersky Lab found that these attacks have been designed mainly for stealing research, along with credentials as well as other data, like IP address of victim's device.

"Our assumption is that the main goal of these attacks was to gain access to research," Demidova wrote. "However, scammers are interested in any personal information, as they can sell it or use in the future to create spear-phishing attacks aimed at a specific person or organization".

As per the researchers, in most of the cases, the cyber-criminals were targeting the users with fake web pages that were designed to look same as the university's official page. Only distinction is these pages contain some letters which were different from official URL, thus making it hard to detect. As soon as the user clicks on this link, they reach the credentials-stuffing pages, where the user has been asked to enter the sensitive information, such as IP addresses, university account credentials and location data.

These phony sites were spread to staffs and students through different social engineering techniques. Moreover, any credentials or data entered into these sites were sent to attackers.

Overall, Kaspersky detected 83 different campaigns that were targeting the US-based schools and 21 other campaigns targeting the UK universities in last 12 months. Attacks also were recorded in Colombia, India, Finland, Hong Kong, the Netherlands, Poland, Israel, New Zealand, Sweden, the UAE, South Africa and Switzerland.

University of Washington appears as the most popular target, as it accounted for more than 11% of all the attacks.

» SPAMfighter News - 11/12/2018