Researchers at Sans Institute said that the attacks are disguised as messages from administrators performing a 'database update'.
The messages state that in order to keep their email accounts, the students must 'verify' the accounts by replying to the message with details such as user names, passwords and date of birth.
Researcher Mark Hofman wrote in the Internet Storm Center blog that the attacks are similar to those on European ISPs spotted earlier this year.
The attackers use email addresses with the name of the school, although the accounts are hosted by an external email service such as Hotmail.
Hofman noted that, because the attack targets individual students, few messages are sent and the emails will often slip past spam filters.
Administrators should be on the lookout for a large volume of incoming messages from the same address, as well as a large volume of messages with multiple recipients. Students should also be warned about the attacks.
Spear phishers target US students
By
Shaun Nichols
on Feb 5, 2008 8:20AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Kaseya Dattocon APAC 2024 is Back
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Sponsored Whitepapers
Easing the burden of Microsoft CSP management
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
.png&w=100&c=1&s=0)
