Spearphishing campaigns are on the rise across higher education campuses. Attackers target college and university students in an attempt to steal financial aid funding and redirect these deposits to outside bank accounts. Recent FBI alerts note that such attacks increase in frequency during student aid disbursement periods.
What do these attacks look like, and what can your organization do to proactively stop a successful attack?
In February of 2018, the FBI received a notification of a campaign targeting students at a university in the southeastern United States. The students received an email requesting their login credentials for the school’s intranet, which the cyber criminal then used to access a third-party vendor managing the disbursement of financial aid.
The criminals successfully redirected direct deposit information for 21 students, stealing approximately $75,000 in total. The accounts were accessed by at least 13 identified IP addresses in the U.S.
In August of 2018, the Department of Education identified a similar attack targeting multiple higher education institutions. This time, the cyber criminals sent students an email inviting them to view and confirm their updated billing statements by logging into the school’s student portal. This information was then used to successfully change the direct deposit destinations to the cyber criminals’ bank accounts.
The nature of these spearphishing emails indicates a thorough recon of the target institutions. The criminals were able to gain an understanding of the school’s use of student portals and third-party vendors for processing student loan payment information.
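The incidents above share a pattern a portal or disbursement vendor's audit log can surface: a direct deposit change made from an IP address the student has never used before, and one IP address changing deposit details on several student accounts. The following is an added example, not part of the original article; the event fields, the 24-hour window, and the sample records are constructed assumptions rather than any real system's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not from any real system):
# (timestamp, student_id, source_ip, action)
EVENTS = [
    ("2018-08-01T09:00:00", "s1001", "198.51.100.7", "login"),
    ("2018-08-10T09:05:00", "s1001", "198.51.100.7", "login"),
    ("2018-08-20T14:00:00", "s1001", "203.0.113.50", "login"),
    ("2018-08-20T14:03:00", "s1001", "203.0.113.50", "deposit_change"),
    ("2018-08-02T10:00:00", "s1002", "198.51.100.9", "login"),
    ("2018-08-20T14:20:00", "s1002", "203.0.113.50", "login"),
    ("2018-08-20T14:22:00", "s1002", "203.0.113.50", "deposit_change"),
    ("2018-08-03T08:00:00", "s1003", "192.0.2.15", "login"),
    ("2018-08-21T08:30:00", "s1003", "192.0.2.15", "login"),
    ("2018-08-21T08:40:00", "s1003", "192.0.2.15", "deposit_change"),
]

def flag_deposit_changes(events, new_ip_window=timedelta(hours=24)):
    """Return {(student, ip): [reasons]} for deposit changes worth manual review."""
    events = sorted(events)          # ISO timestamps sort chronologically
    first_seen = {}                  # (student, ip) -> first time that pair appeared
    changers = defaultdict(set)      # ip -> students whose deposit details it changed
    changes = []
    for ts, student, ip, action in events:
        when = datetime.fromisoformat(ts)
        first_seen.setdefault((student, ip), when)
        if action == "deposit_change":
            changes.append((when, student, ip))
            changers[ip].add(student)
    flagged = {}
    for when, student, ip in changes:
        reasons = []
        # The IP first appeared for this student shortly before the change.
        if when - first_seen[(student, ip)] < new_ip_window:
            reasons.append("ip_new_for_student")
        # The same IP altered deposit details on more than one account.
        if len(changers[ip]) > 1:
            reasons.append("ip_changed_multiple_accounts")
        if reasons:
            flagged[(student, ip)] = reasons
    return flagged

if __name__ == "__main__":
    for key, reasons in flag_deposit_changes(EVENTS).items():
        print(key, reasons)
```

Flagged changes are candidates for holding the disbursement and confirming the new account with the student through a separate channel.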
We believe in the importance of being prepared. Implementing preventative measures can help secure your systems from attacks. Schools of every size need to:
Combating spearphishing campaigns requires diligence. This includes keeping up-to-date on mitigation strategies against spearphishing and network infrastructure targeting. For current guidelines, check out the recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity and Communications Integration Center (NCCIC).
David Maxwell is the Chief Information Security Officer & Director of the Information Security Practice at Columbia Advisory Group. He is responsible for overseeing and managing CAG’s cybersecurity and cyber threat assessment team and provides strategic leadership, performance management, and program support.