Phishing Campaign Report Q3-2019

By running October’s spear phish exercise, our motive was to test our users’ awareness of using intuition to detect a Spear Phish email from a compromised source. Congratulations to Hussain M. Sorooji for being the first person who reported the phish in only 9 seconds!

Recently a few individuals became victim to an actual Spear Phishing attack targeting KAUST, in whic adversaries compromised a genuine KAUST account.

A legitimately compromised account gives adversaries an advantage to pose as a trusted user while sending emails to internal KAUST users compelling every recipient to click on malicious links or download infected attachments.

Spear Phishing attacks are generally hard to detect. For instance, during the above-mentioned last incident, 13 users at KAUST fell for the phishing email sent from the compromised account and ended up providing their passwords to the hackers.

Our Security team, in collaboration with other teams at KAUST IT, was able to contain the situation in due time by alerting the community immediately and by tracking and blocking the hackers’ attempts successfully.

Click here to find out who the winners are and
to download the full report.

KAUST IT

We make IT happen!