Warning: Ongoing spear-phishing campaign

The Cybersecurity team of Masaryk University is issuing a warning against a wave of spear-phishing e-mails.

15 Jul 2022 Warnings

No description

What’s going on?

Spear-phishing can be described as a more sophisticated kind of phishing techniques. More precisely, it is an attack where fraudulent messages are sent to specific persons or a group of persons to obtain personal or sensitive information. This week, the Cyber Security Team of Masaryk University recorded a wave of spear-phishing e-mails that include the following notification in their message: "You have an important security warning regarding the 2022 salary schedule." An almost identical wave also took place in 2020. Under this notification, the attackers attach a link that, when clicked, redirects the user to a phishing form with the visual style of the Masaryk University Information System. Therefore, in this case, the attackers' goal is to obtain login data to this system.

What to do? 

Spear-phishing messages are written in such a way that, at first glance, they are as closely related as possible to the work focus of the victim. This initiates the tendency to click on them and proceed with further actions according to the instructions in the message (for example, logging in). Their insidiousness also lies in the fact that they can easily hide among other work messages. Therefore, if you receive a similar message, please do not reply to the email, do not click on the attached links, and report it to our team, ideally including the e-mail header. Thank you!

Bonus

Read the story of Andrej, who experienced a spear-phishing attack.

Conclusion 

Spear-phishing attacks are an increasingly popular technique for attackers in cyberspace, as they are unfortunately often successful in their use. There are also many similarly insidious techniques, which led us to the creation of the Techniques of social engineering course. In this course, you can learn about the most famous ones. The instructions on how not to get scammed are, of course, included.
If you want to become more confident in cyberspace in general, we recommend our online course Cyberkompass online, which we provide for free to everyone.
You can find everything important about cyber security at Masaryk University at security.muni.cz.


More articles

All articles

You are running an old browser version. We recommend updating your browser to its latest version.