Warning for Colleges on COVID-Based Phishing Attacks | Inside Higher Ed
Phishing emails targeting U.S. universities are leveraging the pandemic by enticing users to enter their log-in credentials for fabricated COVID testing registration requests, according to researchers with the security company Proofpoint.
Hackers began sending thousands of messages mimicking legitimate log-in portals to dozens of North American colleges in October, company representatives said in a blog post published this week. The post noted that Proofpoint’s researchers have “observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021.”
Brett Callow, a threat analyst with the cybersecurity company Emsisoft, said cybercriminals habitually leverage news events to trick their victims.
“If there’s a significant event, be it a pandemic or a Super Bowl, it will be used as bait for phishing,” Callow said.
Selena Larson, a senior threat intelligence analyst at Proofpoint and co-author of the blog post, wrote that the wave of phishing attacks citing the Delta, and now the Omicron, variants was unusually specific in its targeting of universities. She said company researchers predicted the attacks will increase in the next two months as colleges respond both to holiday travel and the emergence of the Omicron variant with more campus testing.
The phishing emails included attachments or URLs for “pages intended to harvest credentials for university accounts,” the Proofpoint blog post said. “The landing pages typically imitate the university’s official login portal, although some campaigns feature generic Office 365 login portals.”
Researchers reported that emails with URLs using the subject “Attention Required—Information Regarding COVID-19 Omicron Variant—November 29” lured victims in and then led them to a spoofed landing page. Some victims were redirected to a legitimate university communication after hackers captured credentials, the blog post said.