This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida.
Given that it appears to be tailored to a particular educational institution and its students and employees, it’s a good bet that other educational institutions could see similarly targeted phishing attacks.
What makes this particular attack so infuriating is that it exploits current concerns over active shooters on education campuses — a sensitive issue that could likely generate panicked, reflexive clicks from recipients who are already on edge over the recent shooting at Marjory Stoneman Douglas High School — also in Florida.
This social engineering scheme could be easily used against any school system, state and local government, large private corporations (think of the recent mass shooting at YouTube headquarters) — or any organization that is likely to have established active shooter protocols and training in place.
We have seen several variations on this Scam Of The Week with the following subject lines:
- “IT DESK: Security Alert Reported on Campus”
- “IT DESK: Campus Emergency Scare”
- “IT DESK: Security Concern on Campus Earlier”
Please think before you click, and look for any red flags related to a phishing scam.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email firstname.lastname@example.org to request a quote for security awareness training for your organization.