A series of Freedom of Information (FoI) requests filed with universities by Duo Security has revealed that 72% of the universities that responded have fallen victim to phishing attacks in the last 12 months – 7 of these have been attacked more than 50 times, including those with GCHQ-certified degree courses.
Why are universities an attractive target?
Because of the extensive variety of data they collect and hold: personally identifiable information (PII) and the financial data of students, staff and alumni, as well as data about grant funds and innovative research – a goldmine for cyber criminals.
Early this year, Action Fraud warned universities of a phishing email targeting universities’ staff: pretending to be from university HR departments, the email made the recipients believe they were due a pay rise, with the purpose of gathering their financial details through a bogus link.
Are your staff trained to recognise phishing emails?
Understanding whether an email is fraudulent or legitimate is not as difficult as it may seem: if your staff know where to look and what to look for, they can dramatically reduce the risk of swallowing the bait. Here are some tips:
- Check the sender’s email address by hovering your mouse over the name: even if the name sounds familiar, the email address may ring a warning bell.
- Check for grammar and spelling mistakes – many malicious emails are written in poor English.
Consider rolling out regular staff awareness training to help your staff recognise phishing emails. Find more tips and tricks on the Phishing Staff Awareness E-learning Course.