The message in the lures are contextually legitimate, meaning it is an email a recipient could be reasonably expected to receive.
Most of the Silent Librarian lure emails contain spoofed sender email addresses, which make them appear as if they're coming from a legitimate source.
Phish Labs began compiling attacks, lures, and other information tied to Silent Librarian in December 2017.
Starting with just two domains that hosted nearly two dozen university phishing sites, we used Passive DNS analysis, Whois data, SSL certificate monitoring, and open source research to identify more phishing sites linked to the same group.
These attacks have targeted more than 300 universities in 22 countries.Overall, the lures constructed by Silent Librarian are remarkably authentic-looking.Spelling and grammar, two of the primary indicators of a malicious email, are nearly perfect.One of the notable aspects of Silent Librarian phishing campaigns is that their tactics have barely changed over time.Outside the correction of a few minor spelling errors, the content of the phishing lures has remained incredibly consistent.