Higher Education Becoming Victim of Spear-Phishing Assaults, Finds REN-ISAC
REN-ISAC (Research and Education Networking Information Sharing and Analysis Center), a vital element of higher education's plan for enhancing network security, recently issued an advisory stating that advanced spear-phishing assaults are increasingly targeting universities' administrators and faculty members, digitaljournal.com reported on November 19, 2014.
Prior to these phishing assaults, cyber-criminals reportedly harvest the e-mail addresses of staff and faculty from publicly accessible campus websites. Posing as a message from the university's human resources department (HRD), the phishing e-mail informs the victim of a salary change and tells him to click a given web-link to learn more about the change. The web-link, however, leads to a page that looks like the university's payroll or human resources site but captures the victim's login credentials.
The attackers then use the captured credentials to alter the victim's direct deposit settings so that his payroll deposits are rerouted to the criminals' account. The assaults appear thoroughly planned and extremely organized: they closely imitate university portals and graphics, and they are frequently distributed at the time of faculty reviews. Moreover, besides targeting payroll data, these personalized phishing assaults also use the credentials acquired this way to hack into other sections of the institutional network that could hold intellectual property, critical personal information or other confidential details.
Greg Wendt, Executive Director for Security Solutions at GreyHeller, says higher education works like a honey pot for the con artists. His organization knows of many more institutions that became targets of spear-phishing assaults than are referred to in REN-ISAC's study, he notes. Digitaljournal.com published this.
However, to stay safe from this kind of phishing e-mail, a virtual private network (VPN) or two-factor authentication can be deployed, which would make the assaults more hazardous for the attackers, if not halt them wholly. Besides, Internet users must exercise greater caution while checking e-mail and must not transmit account details, no matter who asks for them. Finally, users must be careful to recheck web addresses sent through e-mails that ask them to log in.
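The final recommendation, rechecking web addresses in e-mails that ask for a login, can be partly automated at a mail gateway or help desk. The following Python sketch is an added example, not part of the original article or the REN-ISAC advisory; the domain `university.example`, the sample URLs and the function names are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the institution's real login domain (constructed placeholder).
TRUSTED_DOMAINS = {"university.example"}

def registrable_guess(host):
    """Last two labels of the host; a simplification that ignores
    multi-label public suffixes such as .ac.uk."""
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'untrusted' for a link found in an e-mail."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # lower-cased, no userinfo or port
    if not host:
        return "untrusted"
    if any(host == d or host.endswith("." + d) for d in trusted):
        # Right host, but a login page must still be served over HTTPS.
        return "trusted" if parts.scheme == "https" else "untrusted"
    for d in trusted:
        # Trusted name used as bait: in the userinfo part before '@', or as
        # the leading labels of a different domain.
        if d in parts.netloc.lower():
            return "lookalike"
        # Near-miss spelling of the domain, e.g. a digit swapped for a letter.
        if SequenceMatcher(None, registrable_guess(host), d).ratio() >= 0.85:
            return "lookalike"
    # Punycode labels can hide look-alike characters; flag them for review.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    return "untrusted"

# Constructed sample links, as they might appear in a "salary change" e-mail.
SAMPLES = [
    "https://hr.university.example/payroll",
    "http://hr.university.example/payroll",
    "https://university.example.payroll-login.example/hr",
    "https://hr.university.example@payroll-login.example/hr",
    "https://hr.univers1ty.example/login",
    "https://www.weather.example/today",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" verdict is the case worth alerting on, since it indicates a link built to resemble the institution's own portal rather than an unrelated site.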