Monday 10 February 2020
There are strong indications that the "Silent Librarian" attack group has again attempted to compromise student accounts.
Silent Librarian regularly sends phishing mail in an attempt to gain access to library services. Once in our library system they try to download large amounts of information. Characteristics of the attacks detected so far are:
- Subject of the mail: Bibliotheekdiensten (in Dutch; the whole message is in fact in Dutch)
- Redirect services from renowned universities. This time hawaii.edu.
- URL of the fake login page starts with signon.utwente.nl and ends with a domain in the format xxx.xx
- Crooked sentences; sentences without capital letters
- American spelling of our address: 5, Drienerlolaan, 7522 NB Enschede, Netherlands
If you come across such an email, report it to Google as spam as quickly as possible. Google will block subsequent emails and also remove them from the inbox of your fellow students.
Also report the mail to CERT-UT.
If, despite everything, you are caught, change your password immediately. Don't wait until your account has been misused. You run the risk that your account will be blocked.
