Image for post
Image for post

Beware: Large Scale Phishing Campaign for The Start of the Semester

And so for the start of the semester, there’s a large spear phishing campaign going on just now over academia at the present time. It happened at my own institution around 7pm yesterday, and where there were emails such as:

Image for post
Image for post

If you receive one, you should NOT click on it. The subject looks valid, and it’s just a copy from a person’s email list. The link leads to a strange ICU domain:

httpx://message-ogww.securemail1.icu/xxxxx040be6777e38fbxx977e2

It then adds parameters of:

dknLB=
OgWw=ai5idaNlYW0hbkBuYXBlZXIuYWaudWs=
OgWw=zzHgaXvS

Which looks to be some form of tracking. The domain has now been blocked, but users should worry if they receive the email.

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store