Fraudsters launch phishing attacks on universities

Back-to-school season is traditionally a profitable time for con artists, as millions of students around the world prepare to make tuition payments or buy school supplies and new books. As universities become more concerned about the cybersecurity of their networks, attackers find new ways to breach these systems by targeting inattentive students, staff, and professors. Kaspersky experts point to increased phishing campaigns in which fraudsters use the names of the world’s most prestigious universities.

University-specific phishing pages are typically well-crafted and closely resemble official university websites or online learning management systems. Users are duped into sharing personal information such as account credentials, IP addresses, or location data when they visit false pages.

Examples of phishing pages mimicking university log in pages

When it comes to data protection, the importance of university corporate account security is frequently underestimated. Famous educational institution names, some of which have critical research centers operating in fields ranging from political economy to nuclear physics, are used as an enticement to distribute phishing pages.

Furthermore, because governments and large corporations frequently purchase research studies from these universities, the sensitive data they possess is extremely valuable to attackers.

By gaining access to students’ or employees’ accounts, the attacker not only gains access to their victims’ personal information, but also to their educational plans, payment information, and class schedule. This raises the possibility of online threats escalating into real-life stalking and abuse. 

“Education becoming more digitalized is a beneficial shift. Not only learning management systems allow students to maximize their academic progress in the most efficient way, but also more people across the world get a chance to learn from best professors at the biggest universities. This also widens the spectrum of threats student face. Scammers are luring students to give away their personal credentials to access data containing not only unique expertise but also private and potentially compromising information,” comments Olga Svistunova, security expert at Kaspersky.

Kaspersky recommends the following measures to safeguard systems and young people against education fraud:

• It will be safe to check the link before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities 
• Introduce some form of two-factor authentication for information systems, especially web-based ones, and particularly for access to student records, grades and assessments. Set strong and appropriate access controls, so that it is not easy for a hacker to move laterally through the system.
• On campus, have two separate and secure wireless networks, one for staff and one for students, and another one for visitors if you need it.
• Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times. Never use the same password for several websites or services, because if one is stolen, all your accounts are under risk. To create strong hack proof passwords without having to face the struggle of remembering them, use password managers, such as Kaspersky Password Manager. It’s available for purchasing on its own, but it’s also included as part of Kaspersky Total Security. To celebrate beginning of the school year, users purchasing consumer solutions will get a discount up to 30%, the special offer is running till September 12^th. 
• Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Endpoint Security for Business