A US-based information security company, Secureworks, has identified attacks originating from Iran targeting more than 300 universities including those based in the United Kingdom, Australia and the US.

The attack was found to be harvesting university credentials by posting a link to a fake website that then redirected to a legitimate page. Victims who entered their normal login credentials into the fake portal unknowingly had them stolen before being redirected to the legitimate site.

This attack is known as website spoofing, a common form of social engineering. It is well established as a hacking methodology and is often used to fool users into entering their standard credentials. The key part of these attacks is that the website must look as authentic as possible and then redirect to the legitimate site, so the user remains unaware that anything has happened.

In the case of the attack in this article, the campaign involved spoofing multiple websites that replicated the corresponding university’s library system. These spoofed webpages then required the visitor to enter their username and password, subsequently stealing their logon details and then redirecting them to the legitimate website to avoid suspicion.
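The flow described above (credentials posted to a spoofed portal, then a redirect onto the real site) leaves a recognisable pattern in web proxy logs. The following is an added detection sketch, not code from Secureworks or the original article; the host names, the log record layout and the function names are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the institution's genuine login hosts (hypothetical names).
LEGIT_HOSTS = {"library.university.example", "sso.university.example"}

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed proxy log records: (client, method, url, status, Location header)
SAMPLE_LOG = [
    ("10.0.0.5", "POST", "https://library.university.example/login", 302, "/home"),
    ("10.0.0.9", "GET", "https://portal.spoofed.example/login", 200, ""),
    ("10.0.0.9", "POST", "https://portal.spoofed.example/login", 302,
     "https://library.university.example/login"),
    ("10.0.0.7", "POST", "https://forms.other.example/submit", 302,
     "https://forms.other.example/thanks"),
]


def host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def find_harvest_redirects(records, legit_hosts=LEGIT_HOSTS):
    """Flag form POSTs to a host outside legit_hosts that are answered
    with an HTTP redirect onto one of the legitimate hosts."""
    hits = []
    for client, method, url, status, location in records:
        if method != "POST" or status not in REDIRECT_CODES or not location:
            continue
        src = host_of(url)
        # A relative Location stays on the posting host, so resolve it first.
        dst = host_of(urljoin(url, location))
        if src not in legit_hosts and dst in legit_hosts:
            hits.append({"client": client, "posted_to": src, "redirected_to": dst})
    return hits


if __name__ == "__main__":
    for hit in find_harvest_redirects(SAMPLE_LOG):
        print(hit)
```

A redirect performed by page script or a meta refresh does not appear as a 3xx response, so this check only covers the HTTP-level variant; each flagged client is a candidate for a password reset.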

Fake emails are still somewhat difficult to identify, especially considering the ever-increasing complexity of the attacks. According to Symantec’s Latest Intelligence article, phishing rates have climbed from 1 in 3,331 in February 2018 to 1 in 2,981 by March this year. If the website you intend to visit is very reputable (e.g. PayPal), then ensure the website name is listed in the ‘Secure’ section of the URL, which displays the site’s SSL certificate.

Never enter your credentials into a website that you reached through an email link. Instead, navigate to the website yourself to validate its authenticity.