Action Fraud UK has warned that both businesses and universities need to be on guard against a new scam, which has already resulted in firms being defrauded of £350,000. Hackers are registering spoof domains that resemble those used in genuine UK university email addresses. These domains are used to contact suppliers and order high-value goods such as IT equipment and pharmaceutical chemicals in the university’s name, and the suppliers are never paid. Kevin Bocek commented below as part of our security experts comments series.
Kevin Bocek, Chief Cybersecurity Strategist at Venafi:
“The universities and other businesses affected by this scam are certainly not alone – spoofing sites is now big business. Last year over 14,000 certificates were used to set up phishing sites spoofing PayPal alone. This shows the power of the padlock for cybercriminals, allowing them to appear trusted so that they can trick unsuspecting businesses out of huge sums and damage brand reputations across the internet.
“These attacks are part of a much larger problem that jeopardises the system of trust used throughout the internet and shows why a new system of trust built on reputation is needed. These padlocks are supposed to signify a trusted machine identity – a digital certificate that means a website is genuine. But now cybercriminals can obtain certificates allowing them to look authentic for virtually nothing. This is a high-risk, high-impact threat that security teams cannot ignore anymore.”