Cyber Criminals Conducting Successful Spearphishing Campaigns Against Students at Multiple Universities
From the FBI:
"The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes.... [I]n January 2018... an unidentified number of students attending the University received an email requesting their login credentials for the University’s internal intranet. Using the University’s intranet portal, the cyber criminals accessed a third-party vendor that manages the disbursement of financial aid to students and changed the direct deposit information for 21 identified students to bank accounts under the cyber criminal’s control. The threat actor stole approximately $75,000 from the 21 students."
Please see the entire FBI Private Industry Notification here. This notification should be shared with peers and organizations within the higher education community, but not distributed publicly.
How to Protect Yourself
As a member of the ASU community, you can enroll in Two-Factor Authentication. This is one way to protect yourself from cyber criminals who seek to steal your money and data. Duo Two-Factor can send a confirmation message to your phone or other device to verify that any login attempts are actually from you.