You have /5 articles left.
Sign up for a free account or log in.

Create Free Account

Phishing emails targeting U.S. universities are leveraging the pandemic by enticing users to enter their log-in credentials for fabricated COVID testing registration requests, according to researchers with the security company Proofpoint.

Hackers began sending thousands of messages mimicking legitimate log-in portals to dozens of North American colleges in October, company representatives said in a blog post published this week. The post noted that Proofpoint’s researchers have “observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021.”

Brett Callow, a threat analyst with the cybersecurity company Emsisoft, said cybercriminals habitually leverage news events to trick their victims.

“If there’s a significant event, be it a pandemic or a Super Bowl, it will be used as bait for phishing,” Callow said.

Selena Larson, a senior threat intelligence analyst at Proofpoint and co-author of the blog post, wrote that the wave of phishing attacks citing the Delta, and now the Omicron, variants were unusually specific in their targeting of universities. She said company researchers predicted the attacks will increase in the next two months as colleges respond both to holiday travel and the emergence of the Omicron variant with more campus testing.

The phishing emails included attachments or URLs for “pages intended to harvest credentials for university accounts,” the Proofpoint blog post said. “The landing pages typically imitate the university’s official login portal, although some campaigns feature generic Office 365 login portals.”

Researchers reported that emails with URLs using the subject “Attention Required—Information Regarding COVID-19 Omicron Variant—November 29” lured victims in and then led them to a spoofed landing page. Some victims were redirected to a legitimate university communication after hackers captured credentials, the blog post said.

Next Story

Graphic showing the map of the United States and the states planning to not follow the new Title IX rule
Government
Political Standoff Over Title IX Puts Red State Colleges in No-Win Situation

Eight states—so far—say they’ll defy the Biden administration and not comply with the new Title IX regulations.

Written By

Suzanne Smalley

More from Quick Takes

Man using a laptop computer chatting with an artificial intelligence asks for the answers he wants.
Quick Takes
College-Bound Students Concerned About AI Skills
Pro-Palestinian protesters wearing masks and holding signs stand on stairs near an encampment at the UCLA campus
Quick Takes
Poll: Nearly Half of Adults Oppose the Pro-Palestinian Protests at Colleges
A gold-domed building surrounded by mature trees in full foliage.
Quick Takes
Connecticut Waters Down Anti-Legacy Bill