According to a recent study by Proofpoint, Inc., a company specializing in cybersecurity and compliance, it has been revealed that a significant 84% of the top 100 universities in the Middle East are not taking proactive measures to block fraudulent emails from reaching their students, faculty, and partners. This deficiency in basic cybersecurity measures puts these institutions at a higher risk of falling victim to email-based impersonation attacks.
The analysis conducted by Proofpoint, Inc. focused on the adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) among the leading Middle East universities. DMARC is a protocol designed to enhance email validation, safeguarding domain names against misuse by cybercriminals. It functions by verifying the authenticity of the sender’s identity before allowing the email to be delivered to its intended recipient. DMARC offers three tiers of protection: monitoring, quarantining, and rejecting emails. The “reject” level provides the highest level of security, preventing suspicious emails from infiltrating inboxes.
Regrettably, the study found that only 16% of the top 100 Middle East universities have implemented the most stringent and recommended level of DMARC protection, which is the “reject” level. This indicates that a substantial 84% of these institutions are failing to proactively block deceptive emails from reaching users. Despite this concerning statistic, around 61% of these universities have taken initial steps to shield their students and staff from email fraud by implementing a basic DMARC record. However, 39% of the universities lack any form of DMARC protection, rendering them susceptible to cybercriminals who can impersonate their domains and target individuals with email-based scams.
Emile Abou Saleh, Regional Director for the Middle East, Turkey, and Africa at Proofpoint, emphasized the significance of implementing effective email authentication practices, particularly in the education sector. He pointed out that many Middle East universities are leaving individuals exposed to cybercriminals seeking personal and financial information due to their failure to adopt such measures. He highlighted the continued prominence of email as a favored vector for cybercriminals and stressed the vulnerability of educational institutions due to the valuable data they possess.
Apart from impersonation attacks, the study also highlighted the importance of guarding against Business Email Compromise (BEC) attacks. These attacks involve cybercriminals assuming the identities of legitimate business contacts to send fraudulent emails aimed at deceiving victims into believing they are receiving authentic correspondence from reputable organizations. The study reported that 66% of UAE organizations experienced attempted BEC attacks in the previous year.
Emile Abou Saleh underscored the prevalence of domain spoofing, where cybercriminals send emails from seemingly legitimate sender addresses to trick recipients into sharing sensitive information. He emphasized that implementing the highest level of DMARC protection, which is “reject,”
enables universities to actively thwart fraudulent emails from reaching their targets, thereby safeguarding students, faculty, and partners from cybercriminals attempting to exploit their reputation.
In light of these findings, Proofpoint has provided valuable recommendations for individuals, including students, to enhance their online safety:
1. Use Strong Passwords: Avoid reusing passwords and consider employing a password manager for convenience and security. Additionally, adopting multi-factor authentication provides an extra layer of protection.
2. Beware of “Lookalike” Sites: Cybercriminals often create counterfeit websites resembling well-known brands and institutions. These fake sites may impersonate legitimate establishments, potentially hosting malware or aiming to steal personal and financial information.
3. Guard Against Phishing and Smishing Attacks: Exercise caution with phishing emails that direct recipients to unsafe websites designed to gather sensitive data. Be wary of smishing (SMS phishing) and messages via social media platforms that could also be attempts at deception.
4. Avoid Clicking on Links: If you receive emails from your university, it’s advisable to manually enter the known web address into your browser instead of clicking on links.
The research by Proofpoint emphasizes the critical need for robust cybersecurity practices, especially in educational institutions, to safeguard individuals from evolving cyber threats.
