As I have mentioned in previous blogs, Phishing remains one of the most widely used attack vehicles by the Cyberattacker, even though it is also deemed to be one of the oldest. From the research I have done, the first true Phishing schemes originated back in the mid 90s, but the first publicly known Phishing attack did not occur until the late 90s, when AOL took a serious hit.

Over these last 20 years, Phishers have changed their tactics and strategies to the point that it is now difficult even to tell if you are at an authentic website or not. Also, Phishers don’t just embark on sending spoofed Email messages all at once; rather, their efforts are now extremely surgical in nature. Meaning, they take their time and then strike when the victim has his or her guard down.

A perfect example of this is the seasonality in which they hit.  Tax filing season is the most notorious for this, as well as the holiday season, when shoppers are out in full force.  Another unfortunate time when Phishers attack is in the wake of natural or physical disasters, when people are at their weakest and most vulnerable moments. 

But now, there seems to be a new trend in the seasonality in which they hit: Back to school. But this time, the target is not Corporate America or just the average US citizen. Rather, it is the college student. In fact, given that it is now back to school time, many universities and colleges not only here in the United States but worldwide are reporting a sharp increase in these kinds of attacks.

In fact, a Cybersecurity firm known as “Proofpoint” determined that it is the education sector that saw the largest increase in Phishing attacks, at an alarming rate of 192%.

One Phishing group that is launching these kinds of attacks is “TA407/Silent Librarian”. In this instance, the Cyberattackers send faculty, staff and students Emails with malicious links or attachments that direct victims to spoofed university login portals.

The Emails have a specific theme, asking students to renew their library account by stating the following: “Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!”.

Of course, if the individual is alarmed enough, then he or she will either download the attachment or click on the phony link, which will then take them to a spoofed website, asking them to submit their login credentials.  This is illustrated below:


An illustration of the spoofed website is shown below as well:


Once the student has entered their login info, they then get an error message saying that the login attempt has failed.  But it did go through, and the Phisher now has those credentials.  It is also important to note that these kinds of attacks are not aimed at certain geographic areas; rather they are campaign focused, as in the case with these library-based Phishing attacks.
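A mail-triage check for the library-renewal lure described above, as an added example that is not part of the original post. The domain `university.example`, the function names and the sample message are assumptions constructed for illustration; the lure phrases come from the Email text quoted earlier.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: the university's real domain and the lure
# phrases (from the quoted Email). ".example" and ".test" are reserved names.
UNIVERSITY_DOMAIN = "university.example"
LURE_PHRASES = ("library account has expired", "reactivate it immediately",
                "closed automatically", "take action at once")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_university_host(host):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == UNIVERSITY_DOMAIN or host.endswith("." + UNIVERSITY_DOMAIN)

def suspicious_links(body):
    """Return (url, reason) for every link that leaves the university domain."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?)")
        host = urlsplit(url).hostname or ""
        if is_university_host(host):
            continue
        # The real name embedded in a foreign host, or placed before an "@",
        # is what makes a spoofed portal link look legitimate at a glance.
        reason = "lookalike" if UNIVERSITY_DOMAIN in url.lower() else "external"
        findings.append((url, reason))
    return findings

def triage(body):
    """Combine lure wording and link checks into a verdict for the mail queue."""
    text = " ".join(body.lower().split())
    phrases = [p for p in LURE_PHRASES if p in text]
    links = suspicious_links(body)
    if phrases and links:
        verdict = "quarantine"
    elif phrases or any(reason == "lookalike" for _, reason in links):
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "phrases": phrases, "links": links}

# Constructed sample message, not a captured Email.
SAMPLE = """Your library account has expired, therefore you must reactivate it
immediately or it will be closed automatically.
Renew here: http://login.university.example.renew-portal.test/cas/login"""
```

Calling `triage(SAMPLE)` quarantines the message because the lure wording appears together with a link whose real host is outside the university domain, even though the genuine name is embedded in it.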

To make matters even worse, as mentioned, it is not just the students that are being targeted, but even the faculty, and the administrative staff as well. But these kinds of specialized Phishing Attacks do not just stop with the above examples. Given just how digitally connected a college education is these days, other prime targets include the following:

*Online essay repositories;

*Online textbooks;

*Online chat forums amongst other students and the professor of a certain course.

In fact, according to a report from Kaspersky, there were over 356,000 malicious files spoofed under university/college as well as student filenames. This includes 223,000 malicious essays downloaded to computers owned by more than 74,000 people, with 33% (122,000) of them being malicious online textbooks.

From the above-mentioned group, it appears that online English textbooks had the most malware, followed by Algebra and Calculus online textbooks that impacted 1,213 students, followed in turn by Literature online textbooks with 870 victims. It should be noted that the most notorious malware files that were deployed by the Phishing Emails include the following:

*The “Stalk” worm;

*The Win32.Agent.ifdx malware downloader;

*The WinLNK.Agent.gen downloader;

*The MediaGet torrent application downloader.

My Thoughts on This

Playing the devil’s advocate, it makes sense for the Phisher (aka the Cyberattacker) to target all kinds and types of educational institutions, most notably the colleges and the universities.  There are several key reasons for this, which include the following:

*Unlike the corporate sector, universities and colleges don’t keep up with a regular software patch/firmware upgrade process for their IT Infrastructures;

*Students in college or a university are at an age when they are most impressionable; thus, they can fall quite easily into a Phishing trap if the Email message is alluring and enticing enough;

*Trying to implement a Security Awareness Training program to educate college students and faculty as well as staff about what to look for in a Phishing Email is close to impossible, just given the sheer number of people involved and how often that population keeps changing (in this instance, we are talking about tens of thousands, versus just a few hundred at a place of business);

*Universities and colleges try to foster and maintain a sense of openness and collaboration amongst peers.  As a result of this, pretty much everybody has their guard down, thus exposing the weak spots on an IT Infrastructure even more;

*Just given how large the population size is at a college or university, everybody will have varying degrees of experience with using computers.  Because of this, it will make Security Awareness Training that much more difficult;

*The databases at a college or university contain much more Personally Identifiable Information (PII) than a company database would;

*As mentioned, since everything a student needs is now available online (such as textbooks, class notes, homework assignments, old exams, real time communications on the Smartphone, etc.), this only greatly expands the attack surface for the Phisher.

Want to know more about how to protect yourself from a Phishing Attack?  Subscribe to our quarterly newsletter; the next issue is all about Phishing.  Also, conducting a simple Google search will give you all the tips that you will ever need.