Students targeted with university-themed phishing emails

News
By published

Scam looks to steal Office 365 credentials

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

A new phishing campaign has been discovered that looks to impersonate communications from universities. Like many other phishing attacks, the scam aimed to trick individuals into handing over their Office 365 credentials.

Cloud-based email security firm Zix discovered the attack back in October, after identifying suspicious activity coming from legitimate university .EDU servers. Threat actors would sometimes impersonate a university’s IT department, asking targets to take action if they wanted to keep their Office 365 password the same before a fictitious expiry deadline passed.

Potential phishing victims were then redirected to a domain that asked visitors to authenticate themselves by entering their Office 365 usernames and passwords – unwittingly handing them over to the attacker. A similar technique was employed in order to steal Outlook credentials.

Phishing season

The AppRiver team at Zix identified this phishing campaign as particularly noteworthy for the way that it bypassed a number of sender verification checks, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

Although corporate phishing campaigns attract much of the attention, scams targeting the education sector are not uncommon. In October, Malwarebytes highlighted another phishing attack that was directing efforts against universities and schools.

More generally, phishing campaigns seemed to have thrived this year, with threat actors taking advantage of the confusion and misinformation that has surrounded the coronavirus pandemic. Zix has recommended that organizations, whether in the corporate or education sector, become better prepared for the many phishing threats circulating today. In addition to investing in a robust email security solution, organizations should also train their staff to remain vigilant against suspicious emails.

Via Zix

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Latest in News
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests
Focal Bathys MG
Focal just upgraded its audiophile noise-cancelling wireless headphones with even better sound, better noise cancelling, and a way higher price
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
NHS
NHS IT supplier hit with major fine following ransomware attack
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
More about security
NHS

NHS IT supplier hit with major fine following ransomware attack
Data leak

Top home hardware firm data leak could see millions of customers affected
Apple Watch Ultra 2 displaying a step count and distance

Using a smartwatch could be a game-changer for people with diabetes, new research suggests
See more latest
Most Popular
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests
Focal Bathys MG
Focal just upgraded its audiophile noise-cancelling wireless headphones with even better sound, better noise cancelling, and a way higher price
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
Garmin Fenix 8 vs Enduro 3 comparison
Garmin adds premium Garmin Connect+ tier with AI features – but promises your free experience ‘is not going away’
Microsoft Copilot combines the Microsoft 365 apps, Microsoft Graph and Artificial Intelligence. Isolated 3D logo on a surface
Microsoft adds Copilot AI features to Windows 11's Photos app - and I actually don't hate them
Nintendo Direct live blog.
Nintendo Direct live build-up: no Switch 2, but these are our predictions for what we could see
NHS
NHS IT supplier hit with major fine following ransomware attack
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
inZOI.
inZOI early access won't feature Denuvo DRM after all, 'we are committed to making inZOI a highly moddable game'
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
All three rumored Samsung Galaxy S25 Edge colors shown off in ‘official’ images