Cybercriminals are attempting to steal credentials from government workers and university staff by deploying phishing emails claiming that the target is due for a pay rise.
Claiming to be from the human resources department, the email tells staff that they’re soon to be offered a pay rise and to click a link in order to enter their credentials for ‘authentication purposes’.
This fraudulent link takes the target to a fake website where they are asked to enter personal information including university log in and financial details, data which the cybercriminal perpetrators can use to gain unauthorised access to systems and steal money
The UK’s fraud and cybercrime centre Action Fraud and the City of London police issued a warning on the pay rise phishing scam following more than a hundred reports of victims receiving them.
Action Fraud also warns that universities, police forces and government agencies have been targeted by cyberfraudsters using this scheme, which is being investigated by various regional police forces.
Police advice to those who have been targeted by this phishing scam is to change any passwords associated with any passwords associated with their email accounts and IT accounts.
“Phishing emails continue to be a serious problem. It is essential that those affected take the appropriate action to protect their personal details, says Stephen Proffitt, deputy head of Action Fraud.
The University of Bath computing services department published a warning after users were sent the email.
Phishing emails are an effective attack vector for cybercriminals, who use them for everything from stealing credentials to distributing malware and ransomware. Those behind phishing schemes can send millions of emails in just a day, so even if just a tiny number of targets fall for the scam, they’re still making off with a big haul of data.
The university pay rise scam isn’t the first phishing campaign which Action Fraud has recently warned against; in January police warned that cybercriminals are attempting to infect people with bank data stealing malware by using emails pretending to come from a charity.
READ MORE ON CYBERCRIME
Source: SANS ISC SecNewsFeed @ February 23, 2017 at 09:12AM