Email fraud warning issued to students ahead of A-Level results

Support us and go ad-free

UK students are at risk from email scams because many top universities are not following best practices to block fraudulent emails, new research has claimed.

According to a report by cybersecurity firm Proofpoint, 65% of the UK’s top 20 universities were not using any form of an industry-recommended email authentication tool.

It says this could enable cybercriminals to imitate the universities in question easily, placing students applying for higher education after receiving their A-Level results at greater risk of email fraud.

The Domain-based Message Authentication, Reporting and Conformance (DMARC) record is used to verify that an address being used by an email sender is genuine and not an impersonation by cybercriminals.

According to the research, which did not name any of the universities in question, only one in the top 20 was using the recommended level of DMARC protection.

35% were using some form of the tool but below the recommended level.

Proofpoint’s vice president of threat operations Kevin Epstein said the company was concerned that online criminals would use the anticipation of communication from universities around A-Level results day to trick students into sharing personal data.

Read on...

Support us and go ad-free

“By not implementing simple, yet effective email authentication best practices, universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data,” he said.

“Email continues to be the vector of choice for cybercriminals.

“Proofpoint researchers found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 percent to 40 attacks per organisation on average.

“Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences.

“Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation and universities are no exception to this.

“Ahead of A-Level results day, student applicants must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on their future.”

Epstein said given the amount of emails that would be sent on A-Level results day it was inevitable that some students would be targeted by phishing scams.

He encouraged them to be cautious of any communication attempts that request log-in details or threaten to suspend a service or account if a link isn’t clicked.

In response to the research, the National Cyber Security Centre (NCSC) said the majority of cybersecurity incidents were caused by a lack of awareness, and so it worked closely with universities and other education bodies to improve their security measures and provide information on best practices.

“NCSC experts work closely with the academic sector to improve their security practices and help protect education establishments from cyber threats,” a spokesperson for the centre said.

Support us and go ad-free

Do your bit for independent journalism

Did you know that less than 1.5% of our readers contribute financially to The Canary? Imagine what we could do if just a few more people joined our movement to achieve a shared vision of a free and fair society where we nurture people and planet.

We need you to help out, if you can.

When you give a monthly amount to fund our work, you are supporting truly independent journalism. We hold power to account and have weathered many attempts to shut us down and silence the counterpoint to the mainstream.

You can count on us for rigorous journalism and fearless opposition to an increasingly fascist government and right wing mainstream media.

In return you get:

  • Advert free reading experience
  • Behind the scenes monthly e-newsletter
  • 20% discount from our shop

 

The Canary Fund us