Don’t be fooled by the Silent Librarian scam
eSolutions has been informed of the Silent Librarian group who are targeting some Australian universities. Silent Librarian target academia, often to steal proprietary information which is sold.
The Silent Librarian scams have designed phishing pages and emails use the following features in their social engineering:
- Stolen university logos and branding
- Spoofed email credentials/addresses
- University-specific portal clones/login pages
- Academia and library-themed subject lines (“Renewal of loaned items”, “Overdue notice on loaned items”, and “Library Services”)
How the scam works
- Silent Librarian employs malicious domains to host phishing landing pages that redirect users to fake university library login pages.
- The phishing emails sent by Silent Librarian include subject lines similar to ‘Library Services’, ‘Library Account Expiration’, ‘Renewal of loaned items’, ‘Renew your loaned items’, and ‘Overdue notice on loaned items’.
- The threat group also uses URL shorteners, linking, and abuse of legitimate services in its campaigns.
- The group abuses compromised accounts at universities to phish users at other universities.
How do I stay safe?
- Check the Sender address: Make sure the sender’s email address is legitimate, for example; all Deakin emails come from an @deakin.edu.au email address.
- Out of the blue: Is the action being requested in a message normal or expected behaviour of the sender? Pay attention to messages from people that are unexpected eg. someone wanting you to share your personal details or an email requesting you to make a payment not following normal Deakin processes.
- Use LastPass to automatically fill login details: Using LastPass helps protects you against fake-website phishing attacks, as LastPass will only automatically fill your credentials for the actual site.
- Use the Phish Alert button: Reporting suspect emails always eSolutions to assess the material and take the necessary steps to protect you and Deakin.
Originally published on Deakin’s Cybersecurity blog
Join the conversation