• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Multiple Phishing Campaigns Target Universities

October 30, 2018 by Satwika Balakrishnan 3 Comments

As per the research performed by Kaspersky Lab, there has been nearly 1,000 phishing attempts hitting at least 131 universities in 16 countries over the last year. Researchers say that attackers are targeting users with fraudulent web pages that look identical to the university’s official page. The only thing that distinguishes it from the original web page is a slightly different URL, which mostly is difficult to detect. Once a user clicks on the link, they are redirected to credentials-stuffing pages, and are asked to provide sensitive information, which includes university account credentials, IP addresses and location data. There were phishing pages mimicking the login pages of the University of Washington, Harvard Business School, and Stanford University.

Collecting the IP addresses would enable cyber-criminals to circumvent anti-fraud systems “by masquerading as account holders”. Moreover, personal accounts on the university site would provide access to both general information as well as paid services and research results.

The University of Washington (11.6% of attack attempts), Cornell University (6.8%) and the University of Iowa (5.1%) were top three targeted schools.

https://www.infosecurity-magazine.com/news/multiple-phishing-campaigns-target/

 

Filed Under: Week 09: Malware Tagged With:

Reader Interactions

Comments

  1. Haitao Huang says

    October 31, 2018 at 4:42 pm

    A social-engineering attack is an attempt by an attacker to convince someone to provide information (such as a password) or perform an action they wouldn’t normally perform (such as clicking on a malicious link), resulting in a security compromise. Social engineers often try to gain access to the IT infrastructure or the physical facility. User education is an effective tool to prevent the success of social-engineering attacks.

    Log in to Reply
  2. Yingyan Wang says

    November 2, 2018 at 4:54 pm

    Social engineering attack usually based on people’s false judgement. Not just university, but also companies and organizations should understand the negative impact of social engineering attack. Moreover, awareness training is significant to be provided to students and employees. Organizations should consider user education as a tool to help secure data and information.

    Log in to Reply
  3. Nishit Darade says

    December 16, 2018 at 9:01 pm

    Hi Satwika,

    I am surprised that there have been so many top tier universities fallen to this social engineering attack. Hope this university provides security awareness training to their students.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in