A phishing attack on educational institutions impersonated Instagram and targeted over 20 thousand US students. The attack included sophisticated phishing techniques like valid domain names, recognizable workflows, and social engineering, which successfully bypassed several email security checks and Microsoft cyber security programs.
Security firm Armorblox detailed the attempted data security and privacy breach in a report published on November 17. In their report, the firm describes how thousands of students at a “large, national institution” received a phishing email that, at first glance, appeared to be from the social media company Instagram.
The Phishing Email Featured Several Convincing Features Aimed at Convincing Students that the Message was Genuine.
The email sender’s name and address matched Instagram’s actual email credentials, and the subject line read “We Noticed An Unusual Login, [user handle].” The email recipient’s actual Instagram user handle was included, giving a sense of authenticity to the phishing attack.
When users clicked on the link included in the email, they were directed to a fake Instagram landing page with the Instagram logo and branding. The text on the page encouraged users to click on a button to confirm that they did not make a supposed unusual login attempt.
On clicking the button, students would then be directed to another fake page that aimed to collect the user’s sensitive data security and private credentials. It encouraged users to log in and change their account details.
The Email Passed Several Data Security Management Checks and Protections.
The attack bypassed Microsoft email data security management features such as DMARC and SPF email authentication checks. It also bypassed the cyber security programs of Microsoft 365 and Microsoft Exchange to reach thousands of inboxes.
Armorblox did some further assessments of the domain source for the attack and reported that it had several features that made it seem legitimate. The sender domain has also been rated “trustworthy”, with no infections over the last year and 4 months.
This would make it more likely that even data security and privacy-savvy students would fall for the scam. Combining social engineering, brand impersonation, valid domain names, and known workflows – this phishing attempt is an example of the more sophisticated techniques modern phishing attacks involve.
Phishing Attacks are Becoming More Convincing and Sophisticated.
Threat actors are becoming ever more sophisticated in their email phishing attacks. As a result, organisations have to find more effective ways to effectively identify email threats and protect the security of their data.
Armorblox security experts recommend that companies undertake more involved training to ensure employees don’t fall for phishing attacks directed at their work. They should also look into multi-step authentication and password security measures which will make it more difficult for phishers to collect employee data successfully.
