A phishing campaign targeting university employees has already claimed several victims and has seen many email accounts compromised.

Emails are tailored to the institution and use a range of social engineering tricks to convince employees to click a link in the email and enter their Office 365 login credentials to access online content. The credentials are captured and used to gain access to university email accounts.

Once credentials have been obtained, a treasure trove of sensitive data can be plundered. Emails and email attachments contain personally identifiable information of staff, students, and parents, which can be used to commit identity theft and other fraudulent acts. Proprietary information can be obtained, along with details of contacts. The compromised accounts can also be used to conduct further phishing attacks on the university and externally on business contacts and other educational institutions.

Campaigns convincing users to install malware can give the attackers full control of university computers and a foothold to move laterally throughout the network. Access to university email accounts and backdoors in university computers are sold on the dark web, along with a range of stolen and forged university documents.

The healthcare industry is heavily targeted by cybercriminals due to the high value of health data. Health data is versatile and can be used for a multitude of fraudulent purposes. It also has a long-life span and can be used for much longer than financial information.  Cybercriminals are also now realizing the potential rewards from attacks on universities. Student data is similarly versatile, and the wealth of data stored in university email accounts provides plenty of opportunities for profit.

Oregon State University is the latest university to announce it is the victim of a phishing attack. The Office 365 email account of an employee was compromised, through which the attacker had access to the records of 636 students. The account was used to send phishing emails to other entities throughout the United States.

Graceland University in Iowa and Southern Missouri State University recently announced that several email accounts had been compromised in recent phishing attacks, which would have allowed access to be gained to sensitive information.

It is unclear whether this is a single campaign or part of a wave of separate attacks on universities. What is clear is the attacks are increasing, so universities should take steps to improve email and web security.

Employees are being targeted so it is important to ensure that staff members are taught email security best practices and are shown how to identify phishing emails.

Technological defenses can also be improved to prevent malicious messages from arriving in Office 365 inboxes. As an additional protection, a DNS filter can be used to prevent users from accessing phishing websites and other known malicious web pages.

TitanHQ has developed powerful anti-phishing and anti-malware solutions for universities that help them protect against email and web-based attacks.

SpamTitan is a powerful anti-spam service that incorporates DMARC authentication and sandboxing to provide superior protection against impersonation and malware attacks for Office 365 users.

WebTitan is a DNS filtering solution that prevents users from accessing known malicious websites, such as those used for phishing and distributing malware.

To improve Office 365 phishing defenses and better protect your email accounts and networks from malware attacks, contact TitanHQ for further information on these two powerful cybersecurity solutions for educational institutions.