Security News > 2020 > October > University Email Hijacking Attacks Push Phishing, Malware
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.

Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.
The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University were Oxford, Hunter College and Worcester Polytechnic Institute.
An easy red flag here is that the sender's email address is a legitimate university account - yet the email purports to come from Microsoft, researchers said.
What gives the cybercriminals a leg up in this incident is that the header of the email confirms that this phishing email originated from Stanford University servers, allowing the sender to pass Sender Policy Framework filtering for university domains, researchers said.
"Search-engine results also confirm that the address sending this phishing email corresponds to a real university profile," said researchers.
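The red flag described above can be checked mechanically. The following is an added example, not code from the article or the researchers: it flags a message whose display name or subject claims a brand while the From address sits on an unrelated domain, even though SPF and DMARC pass. The brand map, the `.example` domains and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand names to their real sending domains.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "office.com", "outlook.com"}}

# Constructed sample: sent from a hijacked university mailbox, so SPF/DMARC pass.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=university.example; dmarc=pass header.from=university.example
From: "Microsoft Account Team" <j.doe@university.example>
To: staff@recipient.example
Subject: Action required: verify your mailbox

Please sign in to keep your account active.
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def brand_mismatch(msg):
    """Return (brand, sender_domain) when a claimed brand does not own the From domain."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not legit:
            return brand, domain
    return None

def triage(raw):
    """Summarise authentication verdicts and the brand/domain mismatch check."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    hit = brand_mismatch(msg)
    # A pass only proves the mail left the sender domain's own servers;
    # it says nothing about whether the mailbox owner wrote it.
    return {
        "spf": auth.get("spf"),
        "dmarc": auth.get("dmarc"),
        "impersonated_brand": hit[0] if hit else None,
        "sender_domain": hit[1] if hit else None,
        "suspicious": hit is not None,
    }
```

Calling `triage(SAMPLE)` reports `spf` and `dmarc` as `pass` and still marks the message suspicious, which is the case the article describes.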
News URL
https://threatpost.com/university-email-hijacking-phishing-malwarephishing-malware/160735/