Attackers Using Omicron Variant To Phish University Credentials

Published: January 10, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



For those involved in higher education in the U.S. – students, faculty and administrators, lookout for email phishing campaigns aiming for your login credentials. Attempts to steal this data from universities and colleges in this country are nothing new, but Proofpoint research shows these cybercrimes now have a renewed vigor thanks to the new Omicron variant.


The researchers find thousands of phishing emails have already been sent with Omicron lures and can contain attached malicious files or fake, credential-stealing URLs for school accounts. Some emails also attempt to steal MFA (multifactor authentication) codes, giving threat actors the ability to bypass additional security protocols using a victim’s login credentials.



Based on the pandemic and the history of cybercrime surrounding it, Proofpoint believes these credential-stealing, email phishing campaigns are destined to spread and quickly thrive. The same lures are being used again, specifically targeting those in higher education with “important” Omicron news and health related offerings.


The email phishing scams also use legitimate-looking but entirely fake school portal login web pages and the same for Office 365 login portals. The email phishing subject lines exploit themes like “COVID Test” and “Attention Required - Information Regarding COVID-19 Omicron Variant.” Once login info is entered it’s snatched up and then can be a setup for a flurry of cyber-abuse. Academia login credentials are a goldmine of information leading to school ransomware and other malware attacks, identity theft, and a host of other cybercrimes.



Proofpoint states “While many messages are sent via spoofed senders, Proofpoint has observed threat actors leveraging legitimate, compromised university accounts to send COVID-19 themed threats. It is likely the threat actors are stealing credentials from universities and using compromised mailboxes to send the same threats to other universities.”


The researchers also believe the end goal of these stolen credentials has yet to be revealed. Attackers may instead be using them for larger, more devastating and coordinated attacks against the higher education targets.


Don’t Bite! Tips for Email Safety

  • Be wary of all emails no matter the source or subject. Those addressing an individual by name and/or job title should also be scrutinized, especially if they require action.

  • Lookout for any sense of urgency in an email. Hackers like to push us into acting quickly before there’s time to verify the email is legitimate.

  • Never open attachments or follow links in an email without first verifying the sender by phone if needed. Never use contact information in the email as it could be a setup leading directly to the hacker.

  • Apply common sense before handing out sensitive information. Never follow email directions or links. Instead, type in the trusted address yourself to find if the request is legitimate.

  • Always use a good dose of common sense. If for any reason you feel an email isn’t quite right, don’t act on it. Delete it or make the IT department aware of it.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

3 views0 comments