Australian universities targeted in identity stealing phishing campaign

By

Update: A phishing campaign targeted students and staff of Australian universities last month, according to an advisory from Auscert, Australia's National Emergency Response Team.

Australian universities targeted in identity stealing phishing campaign
The purpose of the hoax was to obtain email and username details from university student and staff email accounts, warned Auscert.

'VERIFY YOUR XXXXXX.EDU EMAIL ACCOUNT NOW !!!' was the subject of the hoax email which dupes victims into thinking their account needs updating.

The body of the email requested recipients disclose their personal information including their username, email password, date of birth and country or Territory.

Reacting to the Auscert advisory, the University of Technology, Sydney (UTS) sent a warning email to its students and staff.

"We thought we'd send that out as a warning just in case. It was right when new students were coming in and initiating their accounts," said
Peter James from the UTS Information Technology Division. "It was a straight warning just internal for our policy."

The email said: "This is a hoax message from outside the University designed to deceive recipients into providing user identification and password information."

“The University will never request personal identifying details or passwords via email. Please do not respond to this or any similar message requesting confidential information without verifying the source."

"There was no attack, and has been no attack to [UTS]," said James.

Commenting on the phishing campaign, Adam Biviano, premium services manager, at Trend Micro said that criminals are targeting any organisation that offers online services with the potential of stealing student identities and confidential information belonging to the university.

“Beyond the log-in page, criminals could access a student's full name, gender, birth date, phone contacts, citizen status, email address, next of kin, past university results and future study plans, financial invoices and HECS details,” said Biviano.

“Once students have their credentials stolen, criminals have access to a wealth of data behind that login screen. Personal information, test scores and other details which can identify the student become public domain. Students are then potential victims of identity theft, leaving them open to having credit ratings tarnished and being perused by creditors for loans they never acquired.”

For thousands of new students unfamiliar with university protocol, this would not seem like an unusual request, added Biviano.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
australiancampaignidentityinphishingsecuritytargeteduniversities

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?