Read more below:Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.
Dave Bagget, CEO and co-founder of INKY, told Threatpost that there is no indication of how the accounts were compromised — but he speculated that the victims fell for a credential-harvesting scheme. Bagget also said that this month researchers continued to see phishing emails from real university accounts, so some accounts appear to still be compromised.
“A student may never change an originally assigned password, or may share it with a friend or friends,” according to Inky researchers on Thursday. “A professor may give a student the password to an account for a particular project and never change it when the project is done. Hackers tapping around find these carelessly handled accounts, take them over, and change the passwords themselves, locking out the original owner.”
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.