Recently, a new wave of email phishing attacks aimed at higher education surfaced. The attack consists of a very well-designed, but fake, district/campus letter, with links or file attachments that lead to a request for login credentials.
NOCCCD was the target of such an attack several weeks ago. Fortunately, alert users who received the phishing email forwarded it to our IS Security team within minutes of receiving it and the threat was quickly contained. Look at the screenshots below of the phishing email and file attachment. The phishing signs are highlighted, with explanations provided below the screenshot (use Ctrl + or Ctrl – to adjust zoom as needed for readability).
An email allegedly from Chancellor Marshall was sent to district employees with a request to open a file attachment (PDF). A sample of the email appears below for your reference.
When opened, the file attachment contained a link to download a document.
Clicking the link will display a page allegedly from Microsoft Office 365.
Note that the URL of this page appears to belong to a non-Microsoft site.
Clicking the Download File link will display a login box requesting your ID and password to the email server.
Once the credentials are entered, the user is returned to the NOCCCD home page.
There is no shared document to download and open. The login information provided by the user is sent to the person who created the phishing email. The login information is eventually used to gain unauthorized entry to the user's account.
The most likely action that takes place after unauthorized entry is theft of any student/employee PII (Personally Identifiable Information) stored in email or accessible online file storage.
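The non-Microsoft URL is the sign that gives this sign-in page away, and the same check can be automated for links found in reported emails. The Python sketch below is an added example, not part of the original article or any NOCCCD tool; the allowlist of sign-in domains is an illustrative assumption (not exhaustive) and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive allowlist of domains that a
# genuine Microsoft 365 sign-in link is expected to use.
TRUSTED_DOMAINS = {"microsoftonline.com", "office.com", "microsoft.com",
                   "office365.com", "live.com"}


def check_signin_link(url):
    """Return (ok, reason) for a link that claims to be a Microsoft 365 sign-in."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://trusted.com@other.example/" goes to other.example: the text
    # before "@" is only a user name, so any userinfo is treated as suspicious.
    if parts.username is not None:
        return False, "userinfo in URL"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    # Lookalike characters: reject non-ASCII and punycode labels outright.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized hostname"
    # The trusted domain must be the END of the hostname, not just appear in it.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host on allowlist"
    return False, "host not on allowlist"


if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from a reported email.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com.files-share.example/download",
        "https://login.microsoftonline.com@files-share.example/",
        "https://office365-docs.example/login",
    ]
    for link in samples:
        print(check_signin_link(link), link)
```

Only the first sample passes; the others contain a Microsoft-looking name but resolve to a different host.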
How did the cyber criminal obtain the authentic document to create the phishing email? Further, the cyber criminal also had a specific list of target recipients, all likely to possess sensitive information in their email or file storage. How was that list of target recipients generated? The probable method used to obtain all of the information for the phishing attack is a combination of various social engineering techniques. Read more about social engineering (see link below) to be more aware of how to spot it and take preventive steps to keep sensitive information secure.
For further reading on social engineering and phishing, check out these earlier CaTT Tales articles.