UK students are at risk from email scams because many top universities are not following best practices to block fraudulent emails, new research has claimed.
According to a report by cybersecurity firm Proofpoint, 65% of the UK’s top 20 universities were not using any form of an industry-recommended email authentication tool.
It says this could enable cybercriminals to imitate the universities in question easily, placing students applying for higher education after receiving their A-Level results at greater risk of email fraud.
A Domain-based Message Authentication, Reporting and Conformance (DMARC) record lets receiving mail servers verify that the domain in an email sender's address is genuine and is not being impersonated by cybercriminals.
According to the research, which did not name any of the universities in question, only one in the top 20 was using the recommended level of DMARC protection.
35% were using some form of the tool but below the recommended level.
Proofpoint’s vice president of threat operations Kevin Epstein said the company was concerned that online criminals would use the anticipation of communication from universities around A-Level results day to trick students into sharing personal data.
“By not implementing simple, yet effective email authentication best practices, universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data,” he said.
“Email continues to be the vector of choice for cybercriminals.
“Proofpoint researchers found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 percent to 40 attacks per organisation on average.
“Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences.
“Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation, and universities are no exception to this.
“Ahead of A-Level results day, student applicants must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on their future.”
Epstein said that, given the number of emails that would be sent on A-Level results day, it was inevitable that some students would be targeted by phishing scams.
He encouraged them to be cautious of any communication attempts that request log-in details or threaten to suspend a service or account if a link isn’t clicked.
In response to the research, the National Cyber Security Centre (NCSC) said the majority of cybersecurity incidents were caused by a lack of awareness, and so it worked closely with universities and other education bodies to improve their security measures and provide information on best practices.
“NCSC experts work closely with the academic sector to improve their security practices and help protect education establishments from cyber threats,” a spokesperson for the centre said.