Generally speaking, librarians are awesome, service-oriented professionals committed to providing library patrons with the resources they need. Silent Librarian, however, is not awesome. Silent Librarian is a phishing campaign that targets students and staff at universities worldwide in an effort to obtain credentials to access the university library and steal proprietary data. The campaign sends targeted phishing emails to students and staff asking them to renew loaned items or materials checked out from the library and provides a link to a website that spoofs the legitimate library’s website. Changes in the domain name can be subtle but follow a pattern. For example, the University of North Texas’s library domain is library.unt.edu but was spoofed as libproxy.library.unt.edu.itlib.me.
Phishing is one of the most common ways bad actors obtain access to networks. Always be very careful about clicking on links in emails that ask for information of any kind, even about your library account. To be safe, go directly to the BYU Library’s website or Law Library’s website and log in directly, or forward the email to the library or the IT Help Desk to verify it is legitimate.
Happy Cybersecurity Awareness Month!