Researchers from Kaspersky have noted intensified phishing campaigns with fraudsters exploiting the names of some of the world’s biggest universities.
University-specific phishing pages are usually well-crafted to ape official university Web pages or online learning management systems. Once users visit one of these fake pages, they are fooled into divulging personal information such as account credentials, IP addresses, or location data.
According to Kaspersky, this time of the year marks the start of a new school year for many nations across the globe, and 'back to school season' is usually a profitable time for cyber crooks as millions of students are getting ready to make tuition payments or buy school supplies.
With universities becoming more concerned about their networks’ cyber security, bad actors are finding ways to breach these systems by targeting students, staff, and professors.
The importance of universities’ corporate account safety is often underrated, according to Kaspersky.
“Famous educational institutions, some with critical research centres operating in various fields from political economy to nuclear physics, are used as a lure to distribute phishing pages. And with governments and large corporations often purchasing research studies from these universities, it makes the sensitive data they possess extremely valuable for attackers.”
Olga Svistunova, a security expert at Kaspersky, says education becoming more digitalised is beneficial, as learning management systems enable students to maximise their academic progress, and give more people around the world a chance to learn from the top academics at the best universities.
“This also widens the spectrum of threats students face,” she adds. “Scammers are luring students to give away their personal credentials to access data containing not only unique expertise but also private and potentially compromising information.”
Fighting education fraud
To combat education fraud, Kaspersky recommends always checking before clicking. Hover the mouse over any link to preview the URL, and keep an eye open for misspellings or other irregularities.
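The "check before clicking" advice can also be automated at a mail gateway or help desk. The sketch below is an added example, not Kaspersky's code: it compares a link's hostname with an allowlist of official domains and flags misspelled or embedded lookalikes. The domain `university.example`, the function names and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: a placeholder domain, not a real institution.
OFFICIAL_DOMAINS = ("university.example",)

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_link(url, official=OFFICIAL_DOMAINS, max_distance=2):
    """Return 'official', 'unknown', 'invalid' or a 'suspicious: ...' reason."""
    # .hostname drops any "user@" prefix and the port, so text placed
    # before an "@" cannot pass itself off as the host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    # Punycode labels can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode label"
    for d in official:
        if d in host:  # official name embedded in an unrelated domain
            return "suspicious: embeds " + d
        if edit_distance(host, d) <= max_distance:  # misspelling
            return "suspicious: resembles " + d
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://lms.university.example/login",
                 "https://universlty.example/login",
                 "https://university.example.portal-login.test/"):
        print(link, "->", classify_link(link))
```

An "unknown" result only means the host is neither official nor a near match; it is not a verdict that the link is safe.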
In addition, introduce some form of two-factor authentication for Web-based information systems, especially when it comes to accessing student records, grades and assessments. Also, set strong and appropriate access controls so that it is not easy for a hacker to move laterally through the system.
Furthermore, on campus, have two separate and secure wireless networks, one for staff and one for students, and if possible, a third for visitors, advises Kaspersky.
“Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times. Never use the same password for several Web sites or services, because if one is stolen, all your accounts are at risk. To create strong hack-proof passwords without having to face the struggle of remembering them, use a password manager.”