A new phishing email campaign targeting college students and staff to capture log-in credentials and infect computers with malware is taking advantage of the coronavirus pandemic to appear more legitimate to its targets.
This campaign is part of a growing trend of hackers exploiting fears about the novel coronavirus, including government-backed hackers using coronavirus-themed messages to spread spyware and deliver malicious files. The San Francisco-based software company Abnormal Security published an advisory on its website last Friday noting that attackers are using the fact that students and staff are “likely highly attuned to any news about a university’s response to the outbreak, and thus are more likely to engage with an email about it.”
“The use of current events is something that has been leveraged very heavily over time,” Abnormal Security Vice President Ken Liao told EdScoop. “These attackers are ultimately trying to take advantage of the anxiety that we have in this global situation, which is causing us to let our guard down a little bit.”
The company told EdScoop between 10,000 and 20,000 inboxes are known to have received the emails. It didn’t name specific institutions, but said the emails came from “a half dozen large, well-known universities, likely due to their prominence in research, lending credibility to the attackers’ lure.”
“One large Midwest university was targeted with over 1,600 phishing attacks,” the company wrote EdScoop in an email. “These same universities with the compromises are also on the receiving end of these attacks; a trend we expect to continue as more accounts become compromised across the different universities.”
By creating an email that looked as though it was coming from a university’s board of trustees with important information from the institution’s “health team,” the phishing campaign has capitalized on the current health crisis and the constant communication from universities to their students and staff relating to the coronavirus pandemic.
The phishing email’s link directs users to a false login page for Microsoft Office 365, where the recipient might hand over their log-in credentials. In some cases, the link infects the computer with malware, according to Abnormal Security.
“Depending on whose credentials that they’re gaining, this could lead to another round of these types of attacks,” Liao said. “If you get a faculty member or another lecturer, well, that’s yet another account that you can leverage to continue this cycle.”
Malware installed through the emails potentially enables attackers to interfere with institutions’ financial transactions, he said. To guard against this and similar cyberattacks exploiting the health crisis, Liao said college students and staff need to be extra vigilant about what is coming into their inboxes.
“The university environment needs to be even more precautious given these times,” he said. “You really need to think twice before you click on any link in the email or open any attachment — even those that you’re getting from someone you know.”
Exploiting major public health crises and disasters is not new for hackers. During Hurricane Katrina, many researchers reported upticks in phishing campaigns and scams.
“Current events, just in general, were leveraged as part of the social engineering aspect of fraud,” Liao said.