Beware! Hackers using Omicron, COVID-19 phishing emails to target universities.
Threat actors are increasingly using phishing emails related to the COVID-19 pandemic and the new Omicron variant to target universities and steal login credentials, according to reports.
The emails often imitate the targeted university’s login page, tricking victims into logging into their accounts by sending emails pretending to have university information about the ongoing pandemic. The threat activity is likely to get worse following the holiday season.
These phishing emails typically contain attachments or URLs (web addresses) for pages intended to harvest credentials for university accounts. The landing pages typically imitate the university’s official login portal, although some campaigns feature generic Office 365 login portals. In some cases, such as the Omicron variant lures, victims are redirected to a legitimate university communication after credentials are harvested.
How to avoid being a victim:
In many cases, being able to recognize a scam is the only way to avoid it. University Technology Services offers free Security Awareness Training to students through D2L and to faculty and staff through KnowBe4. We highly recommend that you take advantage of this training.
Also, follow us on Twitter @calupatech, where we post samples of recent phishing messages that were sent to campus.
If you receive a phishing/scam email, please forward it to abuse@calu.edu.