University student accounts are being exploited for business email compromise.

Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in order to carry out business email compromise (BEC) attacks. “In this attack,” the researchers say, “hackers are compromising student accounts to launch broader BEC and credential harvesting attacks.”
“We’ve seen a generous uptick in threat actors compromising student accounts, and then using them to send out BEC and credential harvesting messages. In this case, this same compromised account sent out numerous messages to a variety of organizations. The university, based in Arizona, is not an Avanan customer, and it’s not clear how the compromise began.
“Regardless, this represents an effective tactic by hackers. Compromising a student account can be done quite efficiently. From there, leveraging the legitimacy of that email account, it’s easy to send out multiple of the same messages to a variety of targets. That makes this an effective way for hackers to send out a wide spectrum of messages with just one compromise.”
The phishing emails sent from the accounts appear to be support messages informing the user that several emails are being held for review. The user is directed to click a link in order to view the blocked emails. Avanan notes that there are several red flags in the emails, “such as where the URL goes to and also the fact that a university account wouldn’t be used to send support messages.”
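The two red flags above can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not Avanan's code: the lure phrase list, the flag names and both sample messages are constructed for illustration, and the domains are reserved example names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Wording of the "emails held for review" lure; this phrase list is an assumption.
LURE = re.compile(r"held for review|quarantined?|blocked (?:e-?mails?|messages)", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def addr_domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    return bool(domain) and (host == domain or host.endswith("." + domain))

def body_text(msg):
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def red_flags(raw_message):
    msg = message_from_string(raw_message)
    sender, rcpt = addr_domain(msg["From"]), addr_domain(msg["To"])
    text = (msg["Subject"] or "") + "\n" + body_text(msg)
    flags = []
    # Red flag 1: a university account sending "support" notices.
    if sender.endswith(".edu") and LURE.search(text):
        flags.append("edu-sender-support-lure")
    # Red flag 2: the link leads outside both the sender's and the recipient's domain.
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    if any(not in_domain(h, sender) and not in_domain(h, rcpt) for h in hosts):
        flags.append("offsite-link")
    return flags

# Constructed sample messages (not taken from the report).
PHISH = ("From: IT Support <jdoe@students.example.edu>\nTo: alice@corp.example\n"
         "Subject: 5 messages held for review\n\n"
         "Release your blocked emails: https://mail-review.example.net/release?id=1\n")
BENIGN = ("From: helpdesk@corp.example\nTo: alice@corp.example\n"
          "Subject: Quarantine digest\n\n"
          "Review at https://portal.corp.example/quarantine\n")

if __name__ == "__main__":
    print(red_flags(PHISH), red_flags(BENIGN))
```

A hit on either flag is a reason to hold the message for analyst review, not proof of compromise; legitimate mail from .edu senders will often carry third-party links.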
The goal of acquiring credentials to university email accounts, then, is to enable further phishing operations. Avanan suggests that the ultimate goal of the phishing would be business email compromise, a form of cybercrime based on social engineering that’s growing increasingly dangerous. New school security awareness training, however, can afford any organization a measure of protection, both from the initial phishing and the subsequent BEC attempts.
Avanan has the story.