col-bgimage-3

Your Security is Key to our buinsess

Every aspect of your infrastructure from Applications to People to Web Sites poses a risk in the current environment. We are here to work through and mitigate these threats, and make your business IT as secure as possible.

Bad_guys_go_nuclear

 So, this one is the next new criminal low.

This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida.

Given that it appears to be tailored to a particular educational institution and its students and employees, it’s a good bet that other educational institutions could see similarly targeted phishing attacks. From there, the campaign will move to other targets.

What makes this particular attack so infuriating is that it exploits current concerns over active shooters on education campuses — a sensitive issue that could likely generate panicked, reflexive clicks from recipients who are already on edge over the recent shooting at Marjory Stoneman Douglas High School — also in Florida.

This social engineering scheme could be easily used against any school system, state and local government, large private corporations (think of the recent mass shooting at YouTube headquarters) — or any organization that is likely to have established active shooter protocols and training in place.

If there is any saving grace with this phish, it lies with the awkward choice of language (“an emergency scare”), which should tip off most users that something is not right with this email. Those for whom English is second language might not pick up on that, though, and students whose native language is not English are quite common on college campuses.

We have seen several variations on this Scam Of The Week with the following subject lines:

  • “IT DESK: Security Alert Reported on Campus”
  • “IT DESK: Campus Emergency Scare”
  • “IT DESK: Security Concern on Campus Earlier”

All three contain embedded links that lead to credentials phishes that spoof Microsoft — a large IT presence on campuses.

Office_Spoof_Campus


It’s worth noting that institutions of higher education are at higher risk for phishing attacks generally, as well as ransomware attacks.

I suggest you send this email to your employees, friends and family, whether they are in a college or not. Feel free to copy/paste/edit:

"Heads-up. You'd think it could not get any worse, but some bad guys have sunk to a new low. They are now exploiting recent active shooter events on campus to get people panicked and "click-by-reflex" to find out if a loved one is safe. This same phishing attack could be used against any organization with an active shooter protocol and training in place. If you see emails with titles like:

  • “IT DESK: Security Alert Reported on Campus”
  • “IT DESK: Campus Emergency Scare”
  • “IT DESK: Security Concern on Campus Earlier”

Please think before you click, and look for any red flags related to a phishing scam. In any case, click on the Phish Alert Button to send this email to IT."