Universities are meant to be the place to get an education, but they have turned into havens for phishing scams. Students are not safe at all if the records reported worldwide are anything to go by – over 15 million attacks on students from different institutions.
Why Students are Targeted
Workplaces have protected email protocols since organizations are not afraid to spend on proper systems, but that is not necessarily the case in colleges. These are only a few of the reasons they fall prey to fraudsters.
Goldmine of Information
There is enough information on students and staff for one to steal and create a new identity. Names, home addresses, college emails, social security numbers, drivers’ licenses, and phone numbers are all hot cake for people with malicious intentions.
Poor Security
Even though school heads know they hold valuable information that makes them targets, they are usually constrained by budgets and will usually not have the most cutting-edge technology for protection. Add to that fact students and staff bringing their own devices to campus and you have a network that may be impossible to protect. Since most students will not make their choice based on a school’s email cybersecurity, principals will usually not prioritize it.
Access to Research
Think of all the scholarly research available at schools and the value it may have to foreigners. A paper written for and by students may contain confidential information that can be used for one thing or another. Especially if you choose to write your paper for money, only a reliable academic service can guarantee no data leaks. Apart from college assignment articles, there are other research papers within schools done by scholars funded by the government that hackers may want in their hands.
When research is done thoroughly by a professional from a paper writing service and turned in to the student, they could expose themselves to hackers without meaning to. In this regard, it is worth noting that Canadian schools were the most phished in Quarter 1 of 2020, according to the RSA Quarterly Fraud Report.
How to Stay Safe
Top universities have fallen prey to phishing scams, including MacEwan University in Edmonton, Alberta, Harvard, Duke, and Penn State, and lost lots of money in the process. Apart from educating their students and staff on phishing attacks, there is more that they can do.
Two-Factor Authentication – 2FA
Schools get affected by phishing more regularly when they only apply one-factor authentication. This means users only need to enter a password before gaining access to a site, and that makes them vulnerable. Not all information is important enough to warrant 2FA, but the most important details that give access to student data, academic papers, sensitive assignments, and research that could be used for harm should be subjected to a process where the user enters a unique identifier before they are logged in. This process protects a university without them having to spend extra money on cybersecurity. It’s even safer when the number changes with every login.
Educating Users
Students and staff need regular phishing education so they don’t fall for the sophisticated methods used by today’s hackers. The only Nigerian prince is too old for anyone to fall for any more unless they live under a rock, but there are new almost foolproof methods that need regular updates.
Hackers are now using emails from prominent organizations to prank people into changing their details, effectively giving them access to their accounts. Universities that have lost lots of money have been tricked through emails giving changed payment options by suppliers. There is whaling too, where a phisherman will follow the routine of top executives at a company to a tee to eventually use it in ways that the top guy thinks they are personally known to them or working a the organization. This works mostly on school heads who don’t attend regular meetings on security. It can be remedied by everyone attending these meetings and/or investing in sophisticated anti-phishing software.
Using an Anti-phishing Service
While the two solutions are effective on their own, humans are forgetful and a little reckless in the course of handling things, necessitating a more hands-off approach. An anti-phishing service follows the patterns of communication between students, staff, and the outside world so well that it is eventually able to red-flag suspicious communication. Emails unknown and likely to be malicious are marked for the user, warning them to exercise caution while interacting.
Take Charge
The onus is on everyone to protect themselves and their school from malicious attacks. When writing or opening an email, you want to check the address twice to be sure you are interacting with the right party. Schools may soon start lessons in class to empower students and staff to protect their institutions.
