Unsuspecting School District Faculty Targeted by Credential Theft Campaign

Abnormal Security -

No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside.

Threat actors know this, and they’re taking advantage of human emotions. Our most recent example comes from a school district, where attackers compromised one account and then used that account to launch additional attacks on the victim’s coworkers. Using urgent language and a phishing link, this campaign was an attempt to gain credentials to additional email accounts.

Summary of Attack

Target: Public School District

Platform: Office 365 

Victims: Faculty and Staff

Payload: Urgent Message with Phishing Link

Technique: Credential Theft

About the Credential Phishing Attack

Prior to this attack, cybercriminals gained access to the mailbox of a faculty member at an independent school district. Once inside the inbox, they sent an

Read More.....