Student phishing scheme just tip of the iceberg

Students are back in their university and college seats and some of them may have enjoyed their time away from school without checking their e-mails.

With perfect timing, the latest phishing campaign targeting specifically this part of the population uses fake e-mails purportedly coming from their institution’s system administrators and claiming that their mailbox has exceeded the storage limit.

Some of them even go as far to warn against sending usernames and passwords via e-mail, so they helpfully provide a link where the users can “re-validate” their inbox:

All of the links in similar e-mails take the users to a phishing page containing a form that supposedly needs to be filled.

But, according to M86, one of the compromised sites hosting the phishing page is also used – probably by the same person – to scam other users into giving up their credit card information, Verizon account details and more:

A peek at the administration pages for each of the five phishing forms found revealed that the “university phishing” scheme has currently more success than the other four – which doesn’t mean that they weren’t teeming with activity a while back.