Late last week a significant number of our students received a phishing email purporting to be from our Finance Department but originating from student email addresses at another university. The email said they had been awarded a grant and they needed to click on a link to go to a form to complete their details.
The link took them to a fake university-branded web page, hosted on a compromised server in the US. The web page asked them for a large amount of personal data, including DoB, mother’s maiden name, bank card details, etc. Further, on submitting, it took them to a subsequent page branded to match the bank that they had entered, asking for further information such as telephone passcode, last transactions, etc. In other words, everything necessary to steal identity and get past bank online and telephone security checks. A sophisticated attack.
This was clearly targeted at our students, as the site was branded and there was no obvious reference to other universities on the compromised web server, but it is possible that others will see similar attacks in the next few days.