It was recently reported that Iranian cyber criminals tried to hack into UK university accounts, targeting at least 18 British universities including top-flight institutions. People with U.K. university log-ins were sent phishing emails to trick them into giving up their passwords. Jake Moore from ESET UK comments:
Regardless of whether or not these universities were singled out or not, the simple fact remains that phishing emails are still a major threat. People with UK university log-ins were sent phishing emails to trick them into giving up their passwords and I wouldn’t be surprised if a sizable number fell for it. It seems plausible that your university library would email you as a student, direct you to a page and then ask for your credentials.
This would indeed be something that the students would be expecting and therefore comply with, especially someone with an untrained eye unaware that the redirected page could be fake. We have to remember that we are human and humans make mistakes. Even cautious people can sometimes click on malicious attachments or links. This is simply because education still isn’t enough and people will continue to be fooled. It’s just that simple.
We need to remind people that even with the best systems in place, simple phishing emails can still get through the net and do some damage. Maybe the universities could implement two factor authentication as another layer of security to help mitigate further attacks so even if the criminals grab hold of the passwords, they would still struggle to penetrate the network.