According to published reports, a threat actor dubbed “Silent Librarian” has been targeting individual college-age students (i.e., “spear phishing” the students). Silent Librarian is using information from the students’ social media posts to learn more about their buying habits, where they go to school, places they have visited, books they have read, etc. They then carefully craft E-mail messages with subjects and contents that are relevant to the student (e.g., “Overdue Library Books”). The E-mails include graphics and other information that mimic those used by the students’ school. The E-mails contain links to convincing but phony websites that capture the students’ credentials. The students’ information is saved and then they are automatically logged into the school’s website, helping to hide the fact that the login page did not belong to the school. The students’ accounts are then used for a variety of purposes, including accessing academic journals that are only available through a paywall, stealing intellectual property including research, mining the E-mail and other messages for information that can be used later for influence campaigns, and as a basis for sending infected E-mails to classmates and friends.
The three best things students can do: 1) remain aware and vigilant, including carefully scrutinizing every web URL to ensure it belongs to their school, 2) use unique passwords on every website and a password manager to maintain the information, and 3) insist that their school implement multi factor authentication and make sure it is enabled on their account. For more information about staying safe online, download our Top 7 Tips.