The “back to school” season is a busy one.
University students, whether starting out as freshmen or returning to their studies, have a lot to take care of, from getting school supplies to settling into their student housing to making sure they’re properly registered for all their classes.
A big part of going to university these days is checking your email. Professors, Teaching Assistants, group leaders, intramural team captains and more all use email as a primary means of communication.
The end result? Student inboxes are stuffed throughout September.
And it’s this oversaturation of emails that makes it so easy for a dangerous phishing email to go unnoticed until it’s too late…
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to infect themselves with malware.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as university administration members and those in positions of authority in order to persuade students to click a link that will infect them with malware.
Researchers from Proofpoint have found that instances of email fraud (i.e., phishing) have increased the most year over year in the education sector when compared to other industries. In 2018, there was a 192% increase from the previous year, with an average of 40 attacks per organization.
In simple terms? Because it’s easy.
“Schools balance a culture of openness and information-sharing with rules and controls to effectively protect user privacy and system security while the severity and sophistication of attacks against schools continue to increase,” said Chris Dawson, head of threat intelligence at Proofpoint, to Threatpost. “Cybercriminals capitalize on this atmosphere and target both students and staff to gain access to credentials and vast stores of sensitive data available in student information systems.”
As stated above, students have a lot of emails to sort through in September, many of which come with urgent deadlines that need to be met in order to make sure they’re properly registered for the year’s courses. All these factors together make it likely that they’ll click a link in a seemingly safe email, or give up their password without a second thought.
A notable example of these student-targeted phishing campaigns is TA407/Silent Librarian, which has three key components:
When students click on the link, they are brought to a fake login portal, and directed to input their username and old password. Once they have, it’s game over - they’ve given the hacker their login info.
While you may not work with a university, if you operate in the education sector, then you need to be aware of scams like this. The same type of strategy can work just as effectively against your students via their school email accounts, as well as your staff members.
By creating urgency, and appearing to come from a trusted source, a cybercriminal can trick you into downloading malware or giving up sensitive information. That’s why you, your colleagues and your students need to be aware of how phishing works and how to spot a suspicious email:
In addition to a range of other managed IT services, LI Tech Advisors will protect your Long Island private school’s network with robust security solutions. Anti-virus, anti-malware, firewalls, and emergency data backup will help to minimize threats against your staff and your student body.
With our support, your teachers and admin staff won’t have to worry every time they or a pupil opens an email – they can focus on cultivating an effective learning environment instead.
Anthony holds dual degrees in Electrical Engineering and Computer Science from NYU.
He has over 30 years of experience in hardware design and software programming. Anthony specializes in computer and cloud networking, has collaborated with clients and third parties on creating custom software designs, and is a web presence and accessibility compliance expert.