www.proofpoint.com
Open in
urlscan Pro
2a02:e980:107::cf
Public Scan
Submitted URL: https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VVscd42gL9pgW2mq7FG8Txy6PVrHz2f4C7R6qN5QLhSc5knJmV3Zsc37CgHrjW108jVx7yH7BYW3...
Effective URL: https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-th...
Submission: On December 16 via api from IE — Scanned from DE
Effective URL: https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-th...
Submission: On December 16 via api from IE — Scanned from DE
Form analysis 3 forms found in the DOM
/us
<form action="/us" data-region="us" data-language="en">
<input type="text" name="search_block_form" placeholder="Search">
<input type="submit">
</form><form id="mktoForm_10895" data-mkto-id="10895" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label=""
class="mk-form__form marketo-form-block__form mktoForm mktoHasWidth mktoLayoutLeft js-visible mkto-form-processed" novalidate="novalidate" style="font-family: inherit; font-size: 16px; color: rgb(51, 51, 51); width: 1601px;">
<style type="text/css"></style>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 150px;">
<div class="mktoAsterix">*</div>Business Email:
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" placeholder="Business Email *" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email"
class="mktoField mktoEmailField mktoHasWidth mktoRequired" aria-required="true" style="width: 200px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoFieldWrap mk-form__checkbox-field">
<div class="blog-subscribe__select-box">Select</div><label for="blogInterest" id="LblblogInterest" class="mktoLabel mktoHasWidth mk-form__checkbox-label" style="width: 150px;">
<div class="mktoAsterix">*</div>Blog Interest:
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div>
<div class="mktoLogicalField mktoCheckboxList mktoHasWidth" style="width: 200px;"><input name="blogInterest" id="mktoCheckbox_182285_0" type="checkbox" value="All"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_0 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_0" id="LblmktoCheckbox_182285_0">All</label><input name="blogInterest" id="mktoCheckbox_182285_1" type="checkbox" value="Archiving and Compliance"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_1 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_1" id="LblmktoCheckbox_182285_1">Archiving and Compliance</label><input name="blogInterest" id="mktoCheckbox_182285_2" type="checkbox" value="CISO Perspectives"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_2 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_2" id="LblmktoCheckbox_182285_2">CISO Perspectives</label><input name="blogInterest" id="mktoCheckbox_182285_3" type="checkbox" value="Cloud Security"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_3 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_3" id="LblmktoCheckbox_182285_3">Cloud Security</label><input name="blogInterest" id="mktoCheckbox_182285_4" type="checkbox" value="Corporate News"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_4 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_4" id="LblmktoCheckbox_182285_4">Corporate News</label><input name="blogInterest" id="mktoCheckbox_182285_5" type="checkbox" value="Email and Cloud Threats"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_5 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_5" id="LblmktoCheckbox_182285_5">Email and Cloud Threats</label><input name="blogInterest" id="mktoCheckbox_182285_6" type="checkbox" value="Information Protection"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_6 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_6" id="LblmktoCheckbox_182285_6">Information Protection</label><input name="blogInterest" id="mktoCheckbox_182285_7" type="checkbox" value="Insider Threat Management"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_7 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_7" id="LblmktoCheckbox_182285_7">Insider Threat Management</label><input name="blogInterest" id="mktoCheckbox_182285_8" type="checkbox" value="Remote Workforce Protection"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_8 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_8" id="LblmktoCheckbox_182285_8">Remote Workforce Protection</label><input name="blogInterest" id="mktoCheckbox_182285_9" type="checkbox" value="Security Awareness Training"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_9 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_9" id="LblmktoCheckbox_182285_9">Security Awareness Training</label><input name="blogInterest" id="mktoCheckbox_182285_10" type="checkbox" value="Security Briefs"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_10 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_10" id="LblmktoCheckbox_182285_10">Security Briefs</label><input name="blogInterest" id="mktoCheckbox_182285_11" type="checkbox" value="Threat Insight"
aria-labelledby="LblblogInterest LblmktoCheckbox_182285_11 InstructblogInterest" class="mktoField"
placeholder="AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight"><label
for="mktoCheckbox_182285_11" id="LblmktoCheckbox_182285_11">Threat Insight</label></div><span id="InstructblogInterest" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Employees_Picklist__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="State" class="mktoField mktoFieldDescriptor mktoFormCol" value="State/Province" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Most_Recent_Medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="email" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Most_Recent_Medium_Detail__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="hs_email" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Industry" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Website" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="AnnualRevenue" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="demandbasesid" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="demandBase_Data_Source" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Primary_Product_Interest__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="UTM_Post_ID__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utmcampaign" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utmterm" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="db_employee_count" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Unsubscribed" class="mktoField mktoFieldDescriptor mktoFormCol" value="0" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="10895" placeholder=""><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="309-RHV-619" placeholder=""><input type="hidden" name="Website_Conversion_URL__c" class="mktoField mktoFieldDescriptor"
value="https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-themes?utm_medium=email&_hsmi=196208358&_hsenc=p2ANqtz-8BrktavwHnWBiNFk-ZwsIa0M1LrS8ygJWjmWa-O9kEUb7-xFCiNcTyLOUEyItF9rdkUvtLrvMGxrBilJDBAXrH4PTYheeYN5ifmKTHrTW61QLVTrc&utm_content=196208358&utm_source=hs_email">
</form><form data-mkto-id="10895" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label=""
class="mk-form__form marketo-form-block__form mktoForm mktoHasWidth mktoLayoutLeft" novalidate="novalidate"
style="font-family: inherit; font-size: 16px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
Skip to main content Products Solutions Partners Resources Company ContactLanguages Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence Proofpoint Essentials Sendmail Support Log-in Main Menu EMAIL SECURITY AND PROTECTION Defend against threats, ensure business continuity, and implement email policies. ADVANCED THREAT PROTECTION Protect against email, mobile, social and desktop threats. SECURITY AWARENESS TRAINING Engage your users and turn them into a strong line of defense against phishing and other cyber attacks. CLOUD SECURITY Defend against cyber criminals accessing your sensitive data and trusted accounts. COMPLIANCE AND ARCHIVING Reduce risk, control costs and improve data visibility to ensure compliance. INFORMATION PROTECTION Protect from data loss by negligent, compromised, and malicious users. DIGITAL RISK PROTECTION Protect against digital security risks across web domains, social media and the deep and dark web. PREMIUM SECURITY SERVICES Get deeper insight with on-call, personalized assistance from our expert team. PROTECT AGAINST INSIDER THREATS Get real-time insight into threats that can cause data loss and brand damage. Learn More SOLUTIONS BY TOPIC COMBAT EMAIL AND CLOUD THREATS Protect your people from email and cloud threats with an intelligent and holistic approach CHANGE USER BEHAVIOR Help your employees identify, resist and report attacks before the damage is done COMBAT DATA LOSS AND INSIDER RISK Prevent data loss via negligent, compromised and malicious insiders by correlating content, behavior and threats MODERNIZE COMPLIANCE AND ARCHIVING Manage risk and data retention needs with a modern compliance and archiving solution PROTECT CLOUD APPS Keep your people and their cloud apps secure by eliminating threats, avoiding data loss and mitigating compliance risk SECURE MICROSOFT 365 Implement the very best security and compliance solution for your Microsoft 365 collaboration suite DEFEND YOUR REMOTE WORKFORCE Secure access to corporate resources and ensure business continuity for your remote workers WHY PROOFPOINT Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. SOLUTIONS BY INDUSTRY Federal Government State and Local Government Higher Education Financial Services Healthcare Mobile Operators Internet Service Providers Small and Medium Businesses PARTNER PROGRAMS CHANNEL PARTNERS Become a channel partner. Deliver Proofpoint solutions to your customers and grow your business. ARCHIVE EXTRACTION PARTNERS Learn about the benefits of becoming a Proofpoint Extraction Partner. GLOBAL SYSTEM INTEGRATOR (GSI) AND MANAGED SERVICE PROVIDER (MSP) PARTNERS Learn about our global consulting and services partners that deliver fully managed and integrated solutions. TECHNOLOGY AND ALLIANCE PARTNERS Learn about our relationships with industry-leading firms to help protect your people, data and brand. SOCIAL MEDIA PROTECTION PARTNERS Learn about the technology and alliance partners in our Social Media Protection Partner program. PROOFPOINT ESSENTIALS PARTNER PROGRAMS Small Business Solutions for channel partners and MSPs. PARTNER TOOLS Become a Channel Partner Channel Partner Portal Channel Buzz RESOURCE LIBRARY Find the information you're looking for in our library of videos, data sheets, white papers and more. BLOG Keep up with the latest news and happenings in the ever‑evolving cybersecurity landscape. PODCASTS Learn about the human side of cybersecurity. Episodes feature insights from experts and executives. THREAT GLOSSARY Learn about the latest security threats and how to protect your people, data, and brand. EVENTS Connect with us at events to learn how to protect your people and data from ever‑evolving threats. CUSTOMER STORIES Read how Proofpoint customers around the globe solve their most pressing cybersecurity challenges. WEBINARS Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity. Watch now to earn your CPE credits SECURITY HUBS Get free research and resources to help you protect against threats, build a security culture, and stop ransomware in its tracks. Threat Hub Cybersecurity Awareness Hub Ransomware Hub ABOUT PROOFPOINT Proofpoint is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. WHY PROOFPOINT Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. CAREERS Stand out and make a difference at one of the world's leading cybersecurity companies. NEWS CENTER Read the latest press releases, news stories and media highlights about Proofpoint. SUPPORT Access the full range of Proofpoint support services. Learn More United States United Kingdom France Germany Italy Spain Japan Australia Products Overview Email Protection Email Fraud Defense Threat Response Auto-Pull Sendmail Open Source Essentials for Small Business Overview Targeted Attack Protection in Email Email Isolation Threat Response Emerging Threats Intelligence Overview Simulated Phishing and Knowledge Assessments Training Modules, Videos and Materials Phishing Email Reporting and Analysis Business Intelligence Overview Browser Isolation Cloud Account Defense Cloud App Security Broker Web Security Overview Capture & Monitor Content Capture Content Patrol Compliance Gateway Archiving Enterprise Archive Intelligent Supervision E-discovery Analytics NexusAI Compliance Overview Endpoint Data Loss Prevention (DLP) Enterprise Data Loss Prevention (DLP) Email Data Loss Prevention (DLP) Email Encryption Data Discover Insider Threat Management Overview Social Media Protection Domain Fraud Monitoring Executive and Location Threat Monitoring Overview Technical Account Managers Proofpoint Threat Information Services Managed Services for Security Awareness Training People-Centric Security Program Managed Email Security Managed Services for Information Protection Insider Threat Management Services Compliance and Archiving Services Consultative Services Products Solutions Partners Resources Company United States United Kingdom France Germany Italy Spain Japan Australia Login Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence Proofpoint Essentials Sendmail Support Log-in Contact EMAIL SECURITY AND PROTECTION Defend against threats, ensure business continuity, and implement email policies. ADVANCED THREAT PROTECTION Protect against email, mobile, social and desktop threats. SECURITY AWARENESS TRAINING Engage your users and turn them into a strong line of defense against phishing and other cyber attacks. CLOUD SECURITY Defend against cyber criminals accessing your sensitive data and trusted accounts. COMPLIANCE AND ARCHIVING Reduce risk, control costs and improve data visibility to ensure compliance. INFORMATION PROTECTION Protect from data loss by negligent, compromised, and malicious users. DIGITAL RISK PROTECTION Protect against digital security risks across web domains, social media and the deep and dark web. PREMIUM SECURITY SERVICES Get deeper insight with on-call, personalized assistance from our expert team. Overview Email Protection Email Fraud Defense Threat Response Auto-Pull Sendmail Open Source Essentials for Small Business Overview Targeted Attack Protection in Email Email Isolation Threat Response Emerging Threats Intelligence Overview Simulated Phishing and Knowledge Assessments Training Modules, Videos and Materials Phishing Email Reporting and Analysis Business Intelligence Overview Browser Isolation Cloud Account Defense Cloud App Security Broker Web Security Overview Capture & Monitor Content Capture Content Patrol Compliance Gateway Archiving Enterprise Archive Intelligent Supervision E-discovery Analytics NexusAI Compliance Overview Endpoint Data Loss Prevention (DLP) Enterprise Data Loss Prevention (DLP) Email Data Loss Prevention (DLP) Email Encryption Data Discover Insider Threat Management Overview Social Media Protection Domain Fraud Monitoring Executive and Location Threat Monitoring Overview Technical Account Managers Proofpoint Threat Information Services Managed Services for Security Awareness Training People-Centric Security Program Managed Email Security Managed Services for Information Protection Insider Threat Management Services Compliance and Archiving Services Consultative Services PROTECT AGAINST INSIDER THREATS Get real-time insight into threats that can cause data loss and brand damage. Learn More SOLUTIONS BY TOPIC COMBAT EMAIL AND CLOUD THREATS Protect your people from email and cloud threats with an intelligent and holistic approach CHANGE USER BEHAVIOR Help your employees identify, resist and report attacks before the damage is done COMBAT DATA LOSS AND INSIDER RISK Prevent data loss via negligent, compromised and malicious insiders by correlating content, behavior and threats MODERNIZE COMPLIANCE AND ARCHIVING Manage risk and data retention needs with a modern compliance and archiving solution PROTECT CLOUD APPS Keep your people and their cloud apps secure by eliminating threats, avoiding data loss and mitigating compliance risk SECURE MICROSOFT 365 Implement the very best security and compliance solution for your Microsoft 365 collaboration suite DEFEND YOUR REMOTE WORKFORCE Secure access to corporate resources and ensure business continuity for your remote workers WHY PROOFPOINT Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. SOLUTIONS BY INDUSTRY Federal Government State and Local Government Higher Education Financial Services Healthcare Mobile Operators Internet Service Providers Small and Medium Businesses PARTNER PROGRAMS CHANNEL PARTNERS Become a channel partner. Deliver Proofpoint solutions to your customers and grow your business. ARCHIVE EXTRACTION PARTNERS Learn about the benefits of becoming a Proofpoint Extraction Partner. GLOBAL SYSTEM INTEGRATOR (GSI) AND MANAGED SERVICE PROVIDER (MSP) PARTNERS Learn about our global consulting and services partners that deliver fully managed and integrated solutions. TECHNOLOGY AND ALLIANCE PARTNERS Learn about our relationships with industry-leading firms to help protect your people, data and brand. SOCIAL MEDIA PROTECTION PARTNERS Learn about the technology and alliance partners in our Social Media Protection Partner program. PROOFPOINT ESSENTIALS PARTNER PROGRAMS Small Business Solutions for channel partners and MSPs. PARTNER TOOLS Become a Channel Partner Channel Partner Portal Channel Buzz RESOURCE LIBRARY Find the information you're looking for in our library of videos, data sheets, white papers and more. BLOG Keep up with the latest news and happenings in the ever‑evolving cybersecurity landscape. PODCASTS Learn about the human side of cybersecurity. Episodes feature insights from experts and executives. THREAT GLOSSARY Learn about the latest security threats and how to protect your people, data, and brand. EVENTS Connect with us at events to learn how to protect your people and data from ever‑evolving threats. CUSTOMER STORIES Read how Proofpoint customers around the globe solve their most pressing cybersecurity challenges. WEBINARS Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity. Watch now to earn your CPE credits SECURITY HUBS Get free research and resources to help you protect against threats, build a security culture, and stop ransomware in its tracks. Threat Hub Cybersecurity Awareness Hub Ransomware Hub ABOUT PROOFPOINT Proofpoint is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. WHY PROOFPOINT Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. CAREERS Stand out and make a difference at one of the world's leading cybersecurity companies. NEWS CENTER Read the latest press releases, news stories and media highlights about Proofpoint. SUPPORT Access the full range of Proofpoint support services. Learn More Zeigen Sie weiterhin Inhalte für Ihren Standort an United StatesUnited KingdomFranceDeutschlandEspaña日本AustraliaItaliaFortsetzen Blog Threat Insight University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes UNIVERSITY TARGETED CREDENTIAL PHISHING CAMPAIGNS USE COVID-19, OMICRON THEMES Share with your network! Facebook Twitter LinkedIn Email December 07, 2021 Selena Larson and Jake G Proofpoint researchers have identified an increase in email threats targeting mostly North American universities attempting to steal university login credentials. The threats typically leverage COVID-19 themes including testing information and the new Omicron variant. Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021. Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns. Threat actors continue to use COVID-19 theme lures in campaigns targeting multiple industries and geographic areas. The threats specifically targeting universities is interesting due to the specificity in targeting and effort to mimic legitimate login portals. It is likely this activity will increase in the next two months as colleges and universities provide and require testing for students, faculty, and other workers traveling to and from campus during and after the holiday season, and as the Omicron variant emerges more widely. We expect more threat actors will adopt COVID-19 themes given the introduction of the Omicron variant. This assessment is based on previously published research that identified COVID-19 themes making a resurgence in email campaigns following the emergence of the Delta variant in August 2021. CAMPAIGN DETAILS The COVID-19 themed campaigns including Omicron variant lures include thousands of messages targeted to dozens of universities in North America. The phishing emails contain attachments or URLs for pages intended to harvest credentials for university accounts. The landing pages typically imitate the university’s official login portal, although some campaigns feature generic Office 365 login portals. In some cases, such as the Omicron variant lures, victims are redirected to a legitimate university communication after credentials are harvested. Proofpoint observed this threat actor pivot from Delta variant themed email lures to Omicron themes following the announcement of the new variant. Emails with URLs use subjects such as: Attention Required - Information Regarding COVID-19 Omicron Variant - November 29 With a link to a spoofed landing page such as: Figure 1: Spoofed login page for the University of Central Missouri. Messages distributing attachments included subject lines such as “Covid Test”. Figure 2: HTM attachment leading to a credential capture webpage. The attachments lead to a university themed email credential theft webpage. Figure 3: Credential theft webpage spoofing Vanderbilt University. Proofpoint has identified multiple threat clusters using COVID-19 themes to target universities using different tactics, techniques, and procedures (TTPs). In addition to multiple delivery methods – Proofpoint has observed both URL and attachments in campaigns – activity clusters use different sender and hosting methods to distribute credential theft campaigns. In the Omicron variant campaign, threat actors leverage actor-controlled infrastructure to host credential theft webpages using similar domain naming patterns. These include: * sso[.]ucmo[.]edu[.]boring[.]cf/Covid19/authenticationedpoint.html * sso2[.]astate[.]edu[.]boring[.]cf/login/authenticationedpoint.html Attachment-based campaigns have leveraged legitimate but compromised WordPress websites to host credential capture webpages, including: * hfbcbiblestudy[.]org/demo1/includes/jah/[university]/auth[.]php * afr-tours[.]co[.]za/includes/css/js/edu/web/etc/login[.]php * traveloaid[.]com/css/js/[university]/auth[.]php In some campaigns, threat actors attempted to steal multifactor authentication (MFA) credentials, spoofing MFA providers such as Duo. Stealing MFA tokens enables the attacker to bypass the second layer of security designed to keep out threat actors who already know a victim’s username and password. Figure 4: Duo MFA credential theft landing page. While many messages are sent via spoofed senders, Proofpoint has observed threat actors leveraging legitimate, compromised university accounts to send COVID-19 themed threats. It is likely the threat actors are stealing credentials from universities and using compromised mailboxes to send the same threats to other universities. Proofpoint does not attribute this activity to a known actor or threat group, and the ultimate objective of the threat actors is currently unknown. Indicators of Compromise Indicator Description hfbcbiblestudy[.]org/demo1/includes/jah/[university]/auth[.]php Credential Theft URL afr-tours[.]co[.]za/includes/css/js/edu/web/etc/login[.]php Credential Theft URL traveloaid[.]com/css/js/[university]/auth[.]php Credential Theft URL traveloaid[.]com/css/js/[university]/auth[.]php Credential Theft URL offthewallgraffiti[.]org/[university]/auth[.]php Credential Theft URL traveloaid[.]com/css/js/[university]/auth[.]php Credential Theft URL sso[.]ucmo[.]edu[.]boring[.]cf/Covid19/authenticationedpoint.html Credential Theft URL sso2[.]astate[.]edu[.]boring[.]cf/login/authenticationedpoint.html Credential Theft URL 242smarthome[.]com/[university]/auth.php Credential Theft URL jass-butz[.]at/xx/main/main.php Credential Theft URL Bluecollarsubs[.]com/main/ main.php Credential Theft URL Subscribe to the Proofpoint Blog * Business Email: Select * Blog Interest: AllArchiving and ComplianceCISO PerspectivesCloud SecurityCorporate NewsEmail and Cloud ThreatsInformation ProtectionInsider Threat ManagementRemote Workforce ProtectionSecurity Awareness TrainingSecurity BriefsThreat Insight Submit ABOUT * Overview * Why Proofpoint * Careers * Leadership Team * News Center * Nexus Platform THREAT CENTER * Threat Hub * Cybersecurity Awareness Hub * Ransomware Hub * Threat Glossary * Threat Blog * Daily Ruleset PRODUCTS * Email Security & Protection * Advanced Threat Protection * Security Awareness Training * Cloud Security * Archive & Compliance * Information Protection * Digital Risk Protection * Product Bundles RESOURCES * Whitepapers * Webinars * Datasheets * Events * Customer Stories * Blog * Free Trial CONNECT * +1-408-517-4710 * Contact Us * Office Locations * Request a Demo SUPPORT * Support Login * Support Services * IP Address Blocked? * Facebook * Twitter * linkedin * Youtube * United States * United Kingdom * France * Germany * Italy * Spain * Japan * Australia © 2021. All rights reserved. Terms and conditions Privacy Policy Sitemap