Hackers are targeting university emails to gain access to employees' direct deposit information and reroute their checks, according to a public advisory issued on Wednesday by the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). The attack starts with a phishing email, a common malicious attack where recipients are duped into clicking on a link inside an email disguised as an official message from their institution. They are then asked to input their university login information, which the hackers can use to take over their accounts and send more phishing emails -- or, in this case, steal money from the university.
"Attempting to harvest credentials through phishing is a common practice, but certain aspects of this campaign indicate that attackers are specifically targeting university and college personnel and conducting some level of reconnaissance prior to their attack," the advisory reads. In the past 15 months, Boston University, Texas A&M University, the University of Iowa, the University of Michigan and the University of Western Michigan have been targeted.
Opinions on Inside Higher Ed
Inside Higher Ed’s Blog U
What Others Are Reading