Universities are becoming more concerned about their networks’ cybersecurity, but cyber-attackers find ways to breach these systems by targeting inattentive students, staff and professors.
Kaspersky experts highlight intensified phishing campaigns with fraudsters exploiting the names of some of the worlds’ biggest universities.
University-specific phishing pages are usually well-crafted and mimic official university webpages or online learning management systems. Once users visit false pages, they are duped into sharing personal information like account credentials, IP addresses or location data.
The importance of universities’ corporate account safety is often underrated when referring to organisations’ data protection. Famous educational institution names, some with critical research centers operating in various fields from political economy to nuclear physics, are used as a lure to distribute phishing pages. And with governments and large corporations often purchasing research studies from these universities, it makes the sensitive data they possess extremely valuable for attackers.
By accessing students’ or employees’ accounts, the attacker may access personal information of their victims but also their educational plans, payment information and timetable of classes. This carries the risks of online threats transitioning to real life stalking and abuse.
“Education becoming more digitalised is a beneficial shift,” comments Olga Svistunova, security expert at Kaspersky. “Not only do learning management systems allow students to maximise their academic progress in the most efficient way, but also more people across the world get a chance to learn from the best professors at the biggest universities.
“This also widens the spectrum of threats student face. Scammers are luring students to give away their personal credentials to access data containing not only unique expertise but also private and potentially compromising information.”