UK students left open to university phishing attacks

Many of the UK's top universities could be putting students at risk of cyberattack by failing to implement proper online security, new research has warned.

Only one of the UK's top 20-ranked universities was found to have adequate protection against phishing attacks, which could allow hackers to spoof internal communications to trick victims into handing over personal details.

According to a report from security firm Proofpoint found that two-thirds of the top 20 univerisites were not properly protected against such attacks, which could affect new applicants awaiting their A-Level results later this month.


Proofpoint's research found that 65 percent of the institutions it surveyed had no published DMARC (Domain-based Message Authentication, Reporting & Conformance) record, making them more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud for students.

And with aound 235,000 prospectiver students awaiting their acceptance letters within the next few weeks, this could lead to criminals taking advantage.

Proofpoint added that its researchers also recently discovered that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, rising 192 percent over 12 months for around 40 attacks per organisation on average.

“Email continues to be the vector of choice for cybercriminals,” says Kevin Epstein, VP of threat operations at Proofpoint. “By not implementing simple, yet effective email authentication best practices, Universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data.”

“Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation and universities are no exception to this.”

“Ahead of A Level results day, student applicants must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on their future.”

  • Check out the best antivirus to help protect your business from the latest cyber threats

No comments yet.

Leave a Reply

in development