• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Network Security, News

Protecting Students and Faculty from University Phishing Attacks

University phishing attacks are causing significant financial losses. Here are some phishing prevention tips for colleges & universities.

April 22, 2021 Salvatore Stolfo Leave a Comment

university phishing attack, phishing prevention tips for schools

Every day, hackers scam students and administrators into giving up their private credentials, revealing sensitive information that can lead to violations under FERPA, or provide access to sensitive internal university systems in university phishing attacks.

But phishing is more than an annoyance — it’s causing significant financial losses and privacy violations at college campuses around the country.

According to the 2019 Verizon Data Breach Report, 53% of all cyberattacks in the higher education industry involve stolen credentials.

It’s also damaging the trust between universities and their end-users, chipping away at brand reputation. While it was once a problem reserved for the banking and financial sector, phishing is on the rise at colleges and universities.

In fact, the Anti-Phishing Working Group (APWG) noted that 2019 was “the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016.”

Anyone who works in the field of campus technology knows the chaos that university phishing attacks and their resulting credential theft causes. Students are the most common target, but no one on campus is safe from these schemes.

Beyond email filtering

Often, security teams focus their anti-phishing strategy on securing university email addresses. That’s because most victims are targeted via email. A common tactic is to send out a highly convincing email to students.

The message appears to come from an administrator or faculty member at the school or even the campus bookstore. It may state something urgent about that student’s loan or registration status, along with instructions to click on a link to visit a website. The student trusts that this message is from the school and clicks on the link, setting the scam into motion.

But email isn’t the only component of university phishing attacks. Hackers are evolving their schemes, using other ways to connect with their victims and get what they want. Phishing via mobile devices using SMS texts is increasing.

Salvatore J. Stolfo is a professor of computer science at Columbia University.

The 2019 Verizon Data Breach Report reveals that 18% of individuals who clicked on test phishing links did so on their mobile devices. This means that email filtering won’t be enough to protect students and faculty who are using mobile devices to communicate.

Student web portals are also particularly under threat due to the valuable personal financial information they contain. Multinational cybersecurity and anti-virus provider, Kaspersky Labs, reports that internet portals were the most targeted business category in Q3 2018, representing 32% of all cyberattacks.

Hackers can use automation software and quickly create spoof websites that look like the real thing. Then, they send highly-convincing emails to their intended targets that include a link to the spoof URL.

They often contain a message urging the victim to log on or change their password due to a security threat or policy change. Once the victim visits the spoof site and enters their credentials, the hacker has access to all of the information about that student contained in the portal.

College security teams have turned to anti-phishing email filters to block out any messages that are suspicious. This is a fundamental tool for good cyber hygiene, but it’s not enough. That’s because anti-phishing filters can’t catch all of the email scams. It’s a scale issue. Think about how many individuals at your university use .edu email domains. It only takes a few clicks on a link to a malicious domain to effectively target hundreds and thousands of students.

Protecting the integrity of your brand

In the minds of the students, faculty, and the regulatory bodies that monitor for FERPA violations, it’s the university that bears responsibility for cyberattacks.

To protect your end-users from the risks of phishing, universities need to evolve security strategies, just as hackers have evolved their attack vectors. It starts with understanding the many facets of phishing and then implementing a more comprehensive detection and response strategy.

A modern anti-phishing strategy should extend beyond email filtering. It must also do more to protect students, instead of just faculty and administrators. Students are the most susceptible.

Related: This AI Solution Uses Facial Recognition Tech to Keep Schools Safe

It’s time for colleges and universities to adopt an intelligent, comprehensive anti-phishing strategy. A robust anti-phishing detection and response strategy considers the tactics used in today’s sophisticated phishing schemes, such as social engineering, mobile devices, email, and the fundamental building block of this attack vector: the spoof website.

Colleges and universities are already struggling to market themselves to potential students, but this becomes even more challenging when the institution is targeted by a cyberattack. All the brand equity that universities work so hard to build can disintegrate quickly when there is a breach involving student data.

Ultimately, the university will pay a price, whether through regulatory fines, the loss of revenue, or when their brand reputation is tarnished.

Tagged With: Higher Ed

Related Content:

  • Microsoft Defender for Endpoint Microsoft Rolls Out Preview of New Defender for…
  • Infosec, Cybersecurity Awareness Infosec Launches Free Educational Resources for Cybersecurity Awareness…
  • Microsoft August 2022 Patch Tuesday August 2022 Patch Tuesday: 121 Microsoft Vulnerabilities
  • Log4j, Log4Shell Modern Cyber Threats, Supply Chain Attacks Are Burning…

Free downloadable guide you may like:

  • Blueprint Series: How to Reduce Shadow IT

    The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Research finds that this distributed work environment is leading to IT management blind spots and shadow IT.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Blueprint Series: How to Reduce Shadow IT

The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Resea...

Hybrid Work webinar
Featured Webcast: Collaboration 2.0 — Where Are We Now?

In this webinar, subject matter experts discuss the transformation of the workplace, the rise of hybrid workers, the importance of open connectivit...

guide to end user training cover
Pro Tips for Conducting End User Training

Effective trainings are the glue that can make the difference following a new technology implementation that your team has spent so much time, effo...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2022 Emerald X, LLC. All rights reserved.