Warning: the threat of university account compromise
The Cybersecurity Team of Masaryk University warns against a spear-phishing campaign by which an attacker tries to lure login information from MUNI employees.
What's going on?
Recently, we have recorded a spear-phishing campaign targeting employees of the Faculty of Arts and the Faculty of Law of Masaryk University. Spear-phishing is one of the social engineering techniques in which the attacker uses psychological manipulation of the victim.
The attack was carried out through compromised accounts of employees of Charles University and the Spanish University of Granada. The fraudster disseminated mass e-mails from these accounts with the subject "Please read: Important message from Masaryk University". If the employee opened this e-mail, a message was shown to them, which prompted them to click on the attached link. This link should redirect them to a fake employee portal login page. If an employee fills in their login details into this fraudulent form, they would be sent directly to the attacker. This would compromise the employee account, and the attacker could use the login information for their purposes. For example, to send another wave of spear-phishing e-mails.
What to do?
The attacker created a not-very-successful copy of the login page to the employee portal. However, in an everyday hurry, one could be fooled, for example, by the fact that the fake page contains the actual logo of the respective faculty. That's why we recommend you adopt one simple rule. Always check the site's URL first before logging in. The unified login to the MUNI INET employee portal will always look as follows id.muni.cz. Any deviation of the web address, even a small one, means that it is a fake website.
Conclusion
The attacker has already managed to trick several MUNI employees and obtained their login information. We are now working with them to resolve this situation. At the same time, we have blocked the sender’s address and fraudulent websites. However, since the campaign is carried out in waves, the sender addresses and attached links may differ in the next attempt. There is also a threat that the attack will also target other MU faculties.
If you encounter this cyber security attack, please do not hesitate to report it. Last but not least, we also recommend that you follow the activities of the Cybersecurity Team of Masaryk University, which warns you of current threats.