University student accounts are being exploited for business email compromise.
Hijacking student accounts for BEC.
Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in order to carry out business email compromise (BEC) attacks:
“We’ve seen a generous uptick in threat actors compromising student accounts, and then using them to send out BEC and credential harvesting messages. In this case, this same compromised account sent out numerous messages to a variety of organizations. The university, based in Arizona, is not an Avanan customer, and it’s not clear how the compromise began. Regardless, this represents an effective tactic by hackers. Compromising a student account can be done quite efficiently. From there, leveraging the legitimacy of that email account, it’s easy to send out multiple of the same messages to a variety of targets. That makes this an effective way for hackers to send out a wide spectrum of messages with just one compromise.”
Innocent-looking phishbait, but with many of the usual tells.
The phishing emails sent from the accounts appear to be support messages informing the user that several emails are being held for review. The user is directed to click a link in order to view the blocked emails. Avanan notes that there are several red flags in the emails, “such as where the URL goes to and also the fact that a university account wouldn’t be used to send support messages.”
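The two red flags Avanan names can be checked mechanically at a mail gateway or in triage. The sketch below is an added example, not Avanan's detection logic or code from the report: the sample message, all domain names, the "held mail" phrase list and the `.edu` suffix test are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (placeholder names, not taken from the report).
SAMPLE = """\
From: IT Support <jdoe@students.example.edu>
To: alice@corp.example.com
Subject: 5 messages held for review
Content-Type: text/plain

Several incoming emails are being held for review.
Click here to view blocked emails: https://portal.example.net/release?id=1
"""

# Assumed wording for "your mail is being held" lures; tune for real traffic.
THEME_RE = re.compile(r"held for review|blocked (e-?mails?|messages?)|quarantine", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
ACADEMIC_SUFFIXES = (".edu",)  # assumption: extend for other countries' academic domains

def is_within(host, parent):
    """True if host equals parent or is a subdomain of it."""
    return host == parent or host.endswith("." + parent)

def red_flags(raw, org_domains):
    """Return the red flags for one raw message, given the recipient org's own domains."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )
    text = f"{msg.get('Subject', '')}\n{body}"
    if not THEME_RE.search(text):
        return []  # not a support/quarantine-themed message; out of scope here
    flags = []
    if not any(is_within(sender, d) for d in org_domains):
        flags.append("support-notice-from-external-sender")
    if sender.endswith(ACADEMIC_SUFFIXES):
        flags.append("support-notice-from-university-account")
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(is_within(host, d) for d in org_domains):
            flags.append(f"link-outside-org:{host}")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, {"corp.example.com"}))
```

Because the sending account is legitimate, SPF, DKIM and DMARC will typically pass for these messages, so content and link checks like these carry the weight.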