Warning: spear-phishing alert informing about mailbox quota exceeded!
The Cybersecurity Team of Masaryk University warns about a spear-phishing campaign in which the attacker attempts to trick employees into revealing their login credentials!
What is going on?
Today, the Cybersecurity Team of Masaryk University detected a wave of spear-phishing emails with the subject "[MUNI] University Mailbox Quota Exceeded!". In the email, the attackers impersonate the IT Service Desk of Masaryk University and misuse the MU logo. The email also includes a link that, when clicked, redirects the user to a fraudulent phishing form that mimics the appearance of the MUNI Unified Login. The attackers aim to obtain users' login credentials for this system.
Spear-phishing is a social engineering technique that uses psychological manipulation to obtain sensitive information or access secure systems. This method represents a more sophisticated variant of phishing, as fraudulent messages are specifically crafted and sent to particular individuals or groups to obtain personal or sensitive data.
Here you can see exactly what the fraudulent page looks like.
What to do?
Spear-phishing messages are designed to appear as relevant as possible to the victim's work, thereby creating a tendency to open and promptly follow the instructions in the message, such as logging into systems, etc. The insidiousness of these messages also lies in their ability to easily blend in with regular work emails. If you receive a similarly formulated message:
Conclusion
Spear-phishing attacks are an increasingly popular technique among cyber attackers because, unfortunately, they are often successful. If you want to learn more about phishing, we recommend reading the article that details the impact of phishing attacks on MU students.
All necessary information about cybersecurity at Masaryk University can always be found at security.muni.cz.