Spear phishing is a term referring to targeted attacks on organisations to collect personal details. This latest warning will explain:
Students and staff at a few colleges and universities in the US have been receiving emails that appear to come from their system administrators. The emails state that a database is being updated and asks users to provide their username, password, and date of birth.
The schools targeted include Columbia University, Duke University, Princeton University, Purdue University, and the University of Notre Dame.
This information is collected by the people who sent the emails and used to compromise their accounts.
Be very suspicious of emails asking you to provide any personal details, especially if you didn’t request the email. And pay particular attention to which website the email links to – it’s a common tactic to use a similar sounding address that contains a typo (something that the human mind sometimes ignores).
Update: Australian universities have also been targetting in this attack.