How to weaponize phishable university accounts
The U.K. Register (read the full story here), published how Coinbase got hacked by what appeared to be legitimate email from Gregory Harris, a research grant administrator at the University of Cambridge. The key was the attackers "compromised or created" two email accounts and sent apparently innocuous emails to about 200 targets. Over time, they narrowed it down to five specific "marks" at Coinbase. Etc. Etc. Etc.
Geeze, now: How easy would it be to set up fake email accounts at major U.S. research universities? See my post on how 49 of the top 50 U.S. research universities are phishable (click here). Then read the specific Cambridge incident report (click here) for a full tutorial.
Mad Max's mind reels at the stupidity of the smart guys. Yep, the old "grant administrator" hack!
Prophet of the BCK
#cambridge #coinbase #spearphishing #phishing #databreach #tutorial