A University of Alaska phishing attack has potentially resulted in attackers gaining access to the sensitive information of 25,000 staff, students and faculty staff.
The University of Alaska phishing attack occurred in December last year, although affected individuals have only just been notified. The phishing emails were sent to university employees. One or more individuals responded and were fooled into following the threat actors’ instructions.
Details of the exact nature of the phishing emails were not disclosed; however, as with other phishing scams, the emails appeared genuine and looked professional. By responding to the emails, the employees accidentally disclosed their usernames and passwords to the attackers. The attack resulted in ‘several’ email accounts being compromised.
The emails in the compromised accounts contained a range of sensitive information including names and Social Security numbers. In total, around 25,000 staff, students and faculty members had their information exposed.
The investigation into the University of Alaska phishing attack could not confirm whether any of the emails in the accounts were accessed or if information was copied by the attackers, although it remains a distinct possibility.
Due to the sensitive nature of data in the accounts, the University of Alaska had to inform all affected individuals by mail and offer credit monitoring and identity theft protection services. Victims will also be protected by a $1 million identity theft insurance policy.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
A forensic analysis had to be conducted to determine the exact nature of the attack and which individuals had been affected – A process that took around 5 months. Staff had to be provided with additional training to improve awareness of credential phishing scams and were retrained correct handling of sensitive information. The notifications and mitigations came at a considerable cost.
The University of Alaska phishing attack was just one of many phishing attacks that have taken place in the United States over the past few months. The phishing attacks all have a common denominator. Employees were targeted, phishing emails reached inboxes, and end users followed the instructions in the emails.
Training staff to be aware of the threat of phishing can reduce susceptibility, although training did not prevent the University of Alaska phishing attack.
Even after receiving security awareness training, employees can make mistakes. A technology solution should therefore be implemented to stop phishing emails from being delivered to end users’ inboxes.
SpamTitan from TitanHQ offers excellent protection against phishing attacks, blocking more than 99.9% of spam, phishing emails and other malicious messages. SpamTitan is quick and easy to install, cost effective to implement and easy to maintain.
With SpamTitan installed, organizations can protect themselves against phishing attacks and avoid the considerable cost of data breaches.
For more information on SpamTitan and other TitanHQ security products, contact the sales team today and take the first step toward improving your defences against phishing attacks.