Openness, inclusiveness, and a flexible learning environment—they’re hallmarks of today’s colleges and universities. But cyber-attackers turn these strengths into security challenges. They target insecure networks and a lack of established protocols, taking particular advantage of BYOD policies letting people use devices with insecure or malicious apps.1 Understaffed IT teams can’t meet the need for security patches and anti-virus software.
Attackers phish for personal credentials (name, email address, social security number, and more), intellectual property (valuable academic research), or a sweet payoff after inflicting ransomware. While higher education has stepped up security efforts, smaller schools with leaner budgets continue to be vulnerable, relying mostly on anti-virus software or spam filters.2 One study showed that nearly 90% of top US colleges and universities fail to protect users against phishing attacks spoofing the school’s domain.3 To wit, researchers in 2018 found a broad credentials phishing campaign aimed at universities, using over 300 phony websites and login pages for 76 schools in 14 countries.4
Here’s part of a phish American students recently received, which according to the FBI dangled employment opportunities:
“You will need some materials/software and also a time tracker to commence your training and orientation and also you need the software to get started with work. The funds for the software will be provided for you by the company via check. Make sure you use them as instructed for the software and I will refer you to the vendor you are to purchase them from.”5
Cofense delivers solutions that train employees and students to spot and report phishing so security teams can stop it in its tracks.