
Cyber criminals can gain an advantage if they know more about the accounts and email addresses we use at Wake Forest, as well as how we are connected through reporting structures. Malicious cyber tactics utilize publicly available information on university sites, often those appearing in custom departmental directory pages.

There are two major categories of malicious cyber activity which may arise from public sharing of such information:

Spear Phishing

In “spear phishing” attack strategies, emails are sent with “spoofed” From addresses of University leadership and department heads, targeting individuals under their management chain. They use From: display names and email addresses chosen to deceive the recipient into believing the message comes from a trusted source (without actually having hacked or compromised the sender’s account or email). The emails themselves may contain malicious attachments or links to websites that attempt to trick the user into sharing credentials or other personal information. Or, they may attempt to initiate an email conversation to build trust and gather progressively more sensitive information or obtain financial gain.

Learn more by visiting https://attack.mitre.org/techniques/T1566/
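The display-name deception described above can be checked on the receiving side. The following is an added example, not part of the original page: a Python sketch that flags From headers where a leadership name appears on an external address, or where the display name embeds an address different from the real one. The names, the PROTECTED list and all sample headers are constructed placeholders; it does not replace SPF/DKIM/DMARC checks for exact-domain spoofing.

```python
import re
from email.utils import parseaddr

TRUSTED_DOMAIN = "wfu.edu"
# Hypothetical leadership list (constructed names, not real people),
# stored as word sets so "Dr. Pat Example" still matches "Pat Example".
PROTECTED = [frozenset({"pat", "example"}), frozenset({"dana", "sample"})]
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_from(header):
    """Return a list of reasons a From: header looks like display-name spoofing."""
    display, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    # Exact domain or a true subdomain only; "wfu.edu.mailbox.example" is external.
    internal = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    words = set(re.findall(r"[a-z]+", display.lower()))
    reasons = []
    if not internal and any(name <= words for name in PROTECTED):
        reasons.append("leadership display name on external address")
    embedded = EMAIL_RE.search(display)
    if embedded and embedded.group().lower() != addr.lower():
        reasons.append("display name embeds a different address")
    return reasons


def scan(headers):
    """Map each suspicious header to its reasons; clean headers are omitted."""
    return {h: r for h in headers if (r := check_from(h))}


# Constructed sample headers for illustration.
SAMPLES = [
    'Pat Example <pat.example@wfu.edu>',
    '"Pat Example" <pat.example.wfu@mailbox.example>',
    '"pat.example@wfu.edu" <billing@mailbox.example>',
    'Dana Sample <dana.sample@wfu.edu.mailbox.example>',
    'Campus News <news@vendor.example>',
]

if __name__ == "__main__":
    for header, reasons in scan(SAMPLES).items():
        print(header, "->", "; ".join(reasons))
```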

Gather victim identity information 

Adversaries research and collect publicly available information, such as department directories with email addresses, for use in a targeted attack such as spear phishing. Insights into reporting structures inform and benefit such attacks.

Learn more by visiting the articles below:

Strategies for reducing incidence and success of these threats:

To reduce threats like these, remove unnecessary individual email addresses from public webpages, provide generic contact addresses (e.g. OurDept@wfu.edu), or direct viewers to the Wake Forest public directory.

Consider whether the need for including internal email addresses is:

  • outward-facing and necessary for engagement with the external community (outside of Wake Forest)
  • internal, and unnecessary, because the addresses are discoverable through our Wake Forest Internal Directory

Want to learn more about cybersecurity? Visit the Information Security homepage for best practices, tips, and tools. If you have questions concerning this message or need assistance, please contact the Information Security team at infosec@wfu.edu.