Complex phishing emails and elaborate web-based scams are being used to attack students at the University of Connecticut. The range to which students have been focused on with these scams has lead toUConn Chief Information Officer and Provost for Information Technology to issue a warning to all students to be on high alert.
A number of students at the university have been sent sophisticated phishing emails in recent months that seem to have been sent from University President Susan Herbst. Like many universities and other educational institutions, the email system is secured with a spam filter. Most spam and scam emails are filtered out, although some do get through. If these emails are sent to students, there is a good chance that they will be opened. After all, the messages do look like they were sent from the University president.
The emails contain malicious attachments or links to websites that try to steal login information and the scam is sophisticated and highly convincing. Many students would be unconscious that they have been scammed after disclosing their login details.
The same can be said of malware infections, which usually happen silently when a malicious website is clicked on. Criminals are attempting to download key-loggers that record all sensitive data entered on compromised devices.
These scams are aimed at getting students to disclose their bank account information, credit card data, or Social Security numbers and personal data. The hackers can then use this information for a wide range of nefarious purposes including identity theft.
Complex Phishing Emails are the New Norm
Previously email scams were simple easy to identify. They often included many grammatical and spelling errors and included offers that sounded too good to be true. However, today, complex phishing emails are the new norm and they can be very difficult to spot. Emails are sent from those in authority, are grammatically perfect, and the hackers use wide range of social engineering techniques to get victims to disclose sensitive data or follow a number of steps.
The scammers are also increasingly sharing highly targeted emails. These ‘spear phishing’ emails use personal details unique to the recipient to add credibility. Information is often gathered from social media and professional networking sites.
