Several UK universities offering government-certified cybersecurity courses have been the target of a phishing campaign.
At least one university’s accounts were accessed during the campaign, which seems to have lasted months.
Jake Moore, ESET Security Specialist, comments on a lack of security education being a problem and the continued threat which phishing poses.
“Regardless of whether or not these universities were singled out, the simple fact remains that phishing emails are still a major threat.
“People with UK university log-ins were sent phishing emails to trick them into giving up their passwords and I wouldn’t be surprised if a sizable number fell for it.
“It seems plausible that your university library would email you as a student, direct you to a page and then ask for your credentials.
“This would indeed be something that the students would be expecting and therefore comply with, especially someone with an untrained eye unaware that the redirected page could be fake.
“We have to remember that we are human, and humans make mistakes. Even cautious people can sometimes click on malicious attachments or links.
“This is simply because education still isn’t enough, and people will continue to be fooled. It’s just that simple.
“We need to remind people that even with the best systems in place, simple phishing emails can still get through the net and do some damage.
“Maybe the universities could implement two-factor authentication as another layer of security to help mitigate further attacks, so even if the criminals grab hold of the passwords, they would still struggle to penetrate the network.”
Have you ever been a victim of a similar phishing campaign? Let us know on Twitter @ESETUK.