What's going on?
Recently, we recorded a spear-phishing campaign targeting employees of the Faculty of Arts and the Faculty of Law of Masaryk University. Spear-phishing is a social engineering technique in which the attacker psychologically manipulates the victim.
The attack was carried out through compromised accounts of employees of Charles University and the Spanish University of Granada. The fraudster sent mass e-mails from these accounts with the subject "Please read: Important message from Masaryk University". If an employee opened the e-mail, they were shown a message prompting them to click on the attached link. The link was supposed to redirect them to a fake employee portal login page. If an employee filled in their login details in this fraudulent form, the details would be sent directly to the attacker. This would compromise the employee's account, and the attacker could use the login information for their own purposes, for example to send another wave of spear-phishing e-mails.