Library Phishers

I just read the post “Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment” and it was very eye opening.  The United States Justice Department, FBI, New York FBI, and US Treasury announced charges against nine Iranians for conducting a huge cyber theft campaign.  Prosecutors state the nine Iranians worked for the Mabna Institute and stole more than 30 terabytes of academic data and intellectual property from universities, companies, and governments around the world.  That is roughly the equivalent to 8 billion double sided pages.

There were more than 750 phishing attacks identified targeting more than 300 universities in 22 countries, however most the targets were located in the US, Canada, UK, and Australia.  Its not just universities that are getting hit. Medical librarians will recognize these institutions PhishLabs identified as also being targeted, Memorial Sloan Kettering Cancer Center, Ohio State Wexner Medical Center and Thomson Reuters.

The PhishLab post provides a more detailed picture on the impact of phishing campaign which targeted university professors, students, faculty, and medical institutions dating back to 2013.  The phishing attacks profiled are designed to look like emails from the institutions’ email.  The fake emails contained spoofed sender email addresses (making it appear as if it was sent from a legit institutional account) telling the target their library account has been expired and in order to reactivate they must follow the link and login with their credentials.  The URLs for the link in the email are similar looking to the correct institution’s URL.

The example they give: (note the XXXX intentionally redacted data)

  • Legit American University Library URL:
  • Fake URL:

The landing pages of the fake site is identical to the legit site (as shown on the PhishLabs post)

These stolen credentials are then sold online where buyers ask to buy specific university passwords.  Passwords to the “best” universities and rare journals are the most expensive.

Phishing attacks involving the IRS, bank accounts, and credit cards get the most press these days. While I was aware this sort of thing happened in library resources I was unaware to its extent.  It makes you realize why publishers are looking at RA21 as the answer to better authentication.  I’m not sure if RA21 is the answer.  But I will be virtually attending the FREE RA21 seminar Friday April 27th to learn more about it and see what it means for medical and hospital libraries.

Learning more about RA21 and other ways to prevent library phishing is something we need to be more involved in.  On a simple level, perhaps we need to educate our users to call us directly (like they do the banks) if they have a question about a library email account.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.