Feb 24, 2011 10:19 GMT  ·  By

Phishers are targeting university students with emails that pose as notifications from the system administrator claiming their .edu email accounts have exceeded the allowed storage quota.

According to researchers from M86 Security, as unusual as this lure is, it has been timed to coincide with students returning to school.

An exceeded storage limit might sound plausible for students who haven't checked their .edu mailboxes in a while and left emails and spam to pile up.

One phishing email intercepted by the vendor read: "Your mailbox has exceeded the storage limit set by the administrator, you may not be able to send or receive new mail until you Re-validate your mailbox. To Re-validate and upgrade your mailbox please click here."

Another is more targeted, naming the university's web service and stating the size of the storage quota.
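As an added example (not from the article or from M86's researchers), the following Python filter scores an incoming message for the quota lure described above: a "mailbox exceeded" claim, a re-validation call to action, and a link pointing outside the institution. The trusted domain and both sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed for this example: a real deployment would load the
# institution's own mail and web domains here.
TRUSTED_DOMAINS = {"example.edu"}

# Wording characteristic of the "over quota" lure quoted in the article.
QUOTA_RE = re.compile(
    r"exceed(?:ed|s)?\s+(?:the\s+)?(?:storage|mailbox)\s+(?:limit|quota)", re.I)
# Credential-harvesting call to action ("Re-validate", "verify your account").
ACTION_RE = re.compile(
    r"re-?validate|verify\s+your\s+(?:mailbox|account)|upgrade\s+your\s+mailbox", re.I)
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)


def external_links(body):
    """Return the hosts of links that do not belong to a trusted institutional domain."""
    hosts = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            hosts.append(host)
    return hosts


def score_quota_lure(body):
    """Return (score, reasons); each independent lure indicator adds one point."""
    reasons = []
    if QUOTA_RE.search(body):
        reasons.append("claims the mailbox exceeded its storage limit")
    if ACTION_RE.search(body):
        reasons.append("asks the user to re-validate or verify the mailbox")
    ext = external_links(body)
    if ext:
        reasons.append("links to non-institutional host(s): " + ", ".join(ext))
    return len(reasons), reasons


def is_quota_phish(body):
    """Flag a message only when all three indicators are present together."""
    score, _ = score_quota_lure(body)
    return score >= 3


# Constructed samples: the lure wording from the article with a placeholder link,
# and a benign quota reminder that links to the institution's own help page.
PHISH_SAMPLE = ("Your mailbox has exceeded the storage limit set by the administrator, "
                "you may not be able to send or receive new mail until you Re-validate "
                "your mailbox. To Re-validate and upgrade your mailbox please click here: "
                "http://forms.example-host.invalid/edu-revalidate.php")
LEGIT_SAMPLE = ("Your mailbox is at 95% of its quota. Delete old messages or see "
                "https://mail.example.edu/help/quota for options.")
```

Requiring all three indicators keeps a genuine quota reminder from the campus IT department from being flagged, which is the failure mode that makes this lure plausible to begin with.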

However, the actual phishing page suggests an inexperienced attacker. It displays a form, built with an automatic form-generator tool, asking for full name, email address, user name and password.

This is easy to tell because the page footer displays a banner reading "Powered By php Form Generator."

According to the M86 researchers, who also uncovered the kit's unprotected admin panel, the attack still managed to claim a number of victims despite the poor quality of the phishing page.

"[...] This is a very basic scam pulled off by a person with probably little knowledge of the systems they were setting up," the security experts say.

"Despite the technical simplicity, there are obviously still users out there who are willing to hand over real information about themselves to even unconvincing cyber con-artists," they add.

Some people might wonder why phishers would be attracted to .edu email addresses. For one thing, they are a valuable spamming resource, because .edu domains are generally whitelisted by anti-spam filters.