Once again, cybercriminals are using the COVID-19 pandemic to their advantage by targeting anyone who might appear to be in a position of weakness.
This time they have directed their attention to school teachers—as if remote teaching and hybrid learning models weren't hard enough already!
Teachers targeted in BEC style gift card scams
Microsoft tweeted this week that it is seeing an increase in business email compromise (BEC) attacks targeting K-12 school teachers.
In this type of attack, cybercriminals have sometimes gained access to someone's work email account at a school or school district. Once inside the account, the attacker sends emails to other teachers asking for help with a heart-wrenching situation.
More often, however, the attackers are finding teachers on school websites and pretending to be another teacher or district employee.
The cybercriminals, impersonating a coworker, will then ask their colleague to purchase a variety of gift cards to help out with something.
According to Microsoft:
"One example includes an attacker describing a fake situation where they had lost a childhood friend and couldn't attend the funeral, but wanted to help out the struggling family. They asked the victim if they could purchase a $250 Walmart gift card while they were out of town, with a promise to refund the money."
Another example, below, asks a teacher to get gift cards as a thank you for the counseling staff. Read from the bottom up to see the flow of the conversation:
For more examples, check out the tweet:
We detected a recent spike in business email compromise (BEC) attacks soliciting gift cards primarily targeting K-12 schoolteachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards. pic.twitter.com/CFk37M5fpp — Microsoft Security Intelligence (@MsftSecIntel) February 2, 2021
Which emails are cybercriminals using in teacher gift card scams?
Microsoft researchers did some analysis on these cases and detected the types of email accounts the cybercriminals are using.
"The fraudulent emails are sent from attacker-created accounts on free email service providers, such as Gmail, Mail[.]ru, Yahoo, Hotmail, Outlook, and iCloud. As in many BEC campaigns, attackers identify targets through their publicly available info on websites and social media.
Attackers use various scenarios and lures to feign legitimacy and urgency. Based on intelligence, these attackers have also used COVID-19 lures for similar gift card BEC campaigns."
Are college professors being targeted in gift card scams?
It sounds like this type of gift card scam is also targeting college professors and staff.
In comments on Twitter, one user mentioned:
"...seeing this almost daily at the University level..."
And someone in IT or security posted about doing extra work in higher ed:
"...to constantly change the detection logic/phrases in our email firewall to catch."
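The kind of detection logic that commenter describes can be sketched from the pattern Microsoft outlines above: a free webmail sender, a display name borrowed from a real staff member, and a gift card request wrapped in an urgency or refund pretext. The following is an added illustration written for this post, not code from Microsoft or any email security product; the staff directory, the sample messages and the keyword lists are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Free webmail providers named in Microsoft's report (list constructed for this example).
FREE_MAIL_DOMAINS = {"gmail.com", "mail.ru", "yahoo.com", "hotmail.com", "outlook.com", "icloud.com"}
# Lure vocabulary; assumed phrases, not taken from any specific real campaign.
GIFT_CARD_RE = re.compile(r"\b(gift\s*cards?|e-?gift|walmart|amazon|itunes|google play)\b", re.I)
URGENCY_RE = re.compile(r"\b(out of town|in a meeting|urgent|asap|right away|refund|reimburse)\b", re.I)

# Constructed staff directory: lower-cased display name -> legitimate school address.
STAFF = {"jane doe": "jdoe@example-district.org"}

# Constructed sample messages: one impersonation attempt, one legitimate internal note.
SAMPLES = [
    {"from": "Jane Doe <janedoe.principal@gmail.com>", "subject": "Quick favor",
     "body": "Are you free? I need you to pick up 5 Walmart gift cards for the counseling "
             "staff. I'm out of town right now but will refund you."},
    {"from": "Jane Doe <jdoe@example-district.org>", "subject": "Staff meeting",
     "body": "Reminder: staff meeting Thursday at 3pm in the library."},
]


def flag_gift_card_bec(msg, staff_directory):
    """Return the list of reasons a message matches the colleague-impersonation gift card pattern."""
    name, addr = parseaddr(msg["from"])
    domain = addr.rsplit("@", 1)[-1].lower()
    reasons = []
    expected = staff_directory.get(name.strip().lower())
    # Display name matches a real colleague, but the address is not that colleague's address.
    if expected and expected.lower() != addr.lower():
        reasons.append(f"display name '{name}' matches staff but sender is {addr}")
    if domain in FREE_MAIL_DOMAINS:
        reasons.append(f"sent from free webmail domain {domain}")
    text = f"{msg['subject']}\n{msg['body']}"
    if GIFT_CARD_RE.search(text):
        reasons.append("mentions gift cards")
    if URGENCY_RE.search(text):
        reasons.append("uses an urgency/refund pretext")
    return reasons


def is_suspicious(msg, staff_directory):
    """Flag only when a sender signal (impersonation or free webmail) combines with the gift card lure."""
    reasons = flag_gift_card_bec(msg, staff_directory)
    sender_signal = any(r.startswith(("display name", "sent from free")) for r in reasons)
    return sender_signal and "mentions gift cards" in reasons


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["subject"], "->", is_suspicious(sample, STAFF), flag_gift_card_bec(sample, STAFF))
```

Requiring a sender signal alongside the lure keeps a genuine internal "thank the counselors with gift cards" email from being quarantined, which is the tuning problem the commenter is describing.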
Being cyber-enabled and relying on the resilience of the cloud has made school and work possible for many during the pandemic.
However, it's clear that cyber-enabled criminals are relying on that, too.