Bad Guys go Nuclear

By April 19, 2018 Phishing Scams
Photograph of the outside of a building with a sign reading University

Heads-up. You’d think it could not get any worse, but some bad guys have sunk to a new low. They are now exploiting recent active shooter events on campus to get people panicked and “click-by-reflex” to find out if a loved one is safe. This same phishing attack could be used against any organization with an active shooter protocol and training in place. These are some of emails titles you will see:

  • “IT DESK: Security Alert Reported on Campus”
  • “IT DESK: Campus Emergency Scare”
  • “IT DESK: Security Concern on Campus Earlier”

Given that it appears to be tailored to a particular educational institution and its students and employees, it’s a good bet that other educational institutions could see similarly targeted phishing attacks. From there, the campaign will move to other targets.

What makes this particular attack so infuriating is that it exploits current concerns over active shooters on education campuses — a sensitive issue that could likely generate panicked, reflexive clicks from recipients who are already on edge over the recent High School shootings.

This social engineering scheme could be easily used against any school system, state and local government, large private corporations (think of the recent mass shooting at YouTube headquarters) — or any organization that is likely to have established active shooter protocols and training in place.

If there is any saving grace with this phish, it lies with the awkward choice of language (“an emergency scare”), which should tip off most users that something is not right with this email. Those for whom English is second language might not pick up on that, though, and students whose native language is not English are quite common on college campuses.  

This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida.

Image of phish spoof alert for a community college in Florida with confidential information blocked out

 

These emails contain embedded links that lead to credentials phishers that spoof Microsoft — a large IT presence on campuses.

 

Screen shot of spoofed Microsoft Account login window

 

It’s worth noting that institutions of higher education are at higher risk for phishing attacks as well as ransomware attacks. Please share this post with your co-workers, employees, friends and family, whether they are in a college or not. Let’s stay safe out there.

Please think before you click, and look for any red flags related to a phishing scam.

Read more: Your Apple ID Has Been Locked

Leave a Reply