Security staffs at a number of universities are dealing with what appears to be a sustained phishing attack that is attempting to compromise user email accounts. The attack began in late January and has affected several schools, including Princeton, NC State, Vanderbilt and others. The attack is somewhat similar to so-called spear phishiing attacks that have been seen by customers of some credit unions, small banks and non-profit organizations. The email messages appear to come from someone in the school’s IT staff and ask the recipients for their usernames and passwords, according to messages on the Unisog security mailing list. Any accounts that are compromised are then used to send spam or other phishing messages.
Administrators at a handful of universities confirmed that a few accounts at their schools had been compromised so far, but the damage seems to be fairly limited. The messages themselves are well-constructed, with no grammatical or spelling errors. The main clue that they’re fakes is that the reply-to address is typically a Hotmail or Yahoo address.