In a recent finding, researchers at Inky report that compromised email accounts at popular universities are being used to perform phishing attacks. The accounts used in the attacks are speculated to belong to victims of a credential harvesting scheme who most likely never changed their login credentials after they were compromised. The emails originate from 13 different universities, such as Purdue, Oxford University in the UK, Stanford University, and others. Most security software products treat emails with [.]EDU extensions as trusted, so they are not flagged. In one incident, the phishing email claimed that the recipient had missed a phone call and linked an attachment that purported to be the voicemail. Other reporting found that a threat actor group (TA407, which is based out of Iran) has been on the prowl since the start of the 2019 school year to harvest additional login credentials.