University Email Hijacking Attacks Push Phishing, Malware

2020-10-29 20:45

Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.

The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University was Oxford, Hunter College and Worcester Polytechnic Institute.

An easy red flag here is that the sender's email address is a legitimate university account - yet the email purports to come from Microsoft, researchers said.

What gives the cybercriminals a leg up in this incident is that the header of the email confirms that this phishing email originated from Stanford University servers, allowing the sender to pass Sender Policy Framework filtering for university domains, researchers said.

"Search-engine results also confirm that the address sending this phishing email corresponds to a real university profile," said researchers.

News URL

https://threatpost.com/university-email-hijacking-phishing-malwarephishing-malware/160735/

#attack #email #hijacking #malware #phishing

News URL

Related news