University phishing scams targeting students have increased in recent months. Targeting some of the most well educated individuals may not appear to be the most rewarding strategy for scammers, but students are falling for these university phishing scams in their droves.
University Phishing Scams are Becoming Difficult to Identify
Awareness of phishing tactics has certainly improved thanks to educational programs, email warnings, and media coverage of phishing attacks, but in response, cybercriminals have got better at scamming. Today, phishing emails can be difficult to identify. In fact, in many cases, it is virtually impossible to tell a genuine email from a scam.
While students may be aware of the risks of clicking links in emails from unknown senders, the same cannot be said when the emails are sent from a contact. Emails from university IT departments, professors and colleagues are likely to be opened. Students’ guard is let down when the sender of the email is known.
When a convincing request is included, students often respond and have no idea that they have been scammed into revealing their login credentials or disclosing other sensitive information. All it takes is for one email account of a student to be compromised to start the process. Emails are then sent to that individual’s email address book. A number of those contacts respond. The same happens with their contacts and so on. Given that there are supposedly six degrees of separation between all individuals on the planet, it is easy to see how fast malware infections can spread and how multiple email accounts can be compromised rapidly.
University phishing scams have been increasing for some time, although the past few months have seen even more scams emails sent. Recently, the University of Connecticut sent warnings out to students following a spate of phishing scams. Some of those scams involved the impersonation of the University president. Students at the University of Georgia have also been targeted.
In the case of the latter, one student’s email account was compromised after she responded to a phishing email sent from UGA associate. The email did not arouse any suspicions because the contact was known. In the email the student was told that it was important for her to change her password. Failure to do so would result in her being locked out of her email account. She responded by clicking the link and changing her password. However, what she had done was disclose her old password and her new one to the attacker.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
The attacker then used those credentials to set up a mail forwarder on the email account. The student only found out after querying why she was no longer receiving emails with the IT help desk. After investigating, the mail forwarder was discovered.
Other students were similarly targeted and their emails accounts were used to send out huge volumes of spam emails. It was only when spamming complaints were received about the compromised accounts that the problem was identified.
These university phishing scams are conducted for a wide range of nefarious purposes. Spamming and mail forwarders may cause limited harm, but that may not always be the case. Malware infections can result in serious financial harm to students and universities. Ransomware installations can occur after students respond to phishing campaigns, and those attacks can cost tens of thousands of dollars to resolve.
How to Protect Students and Networks from the Scammers
Since these phishing scams are now so hard to identify, training on email and cybersecurity best practices is no longer as effective as it once was. Technological solutions are therefore required to prevent emails from being delivered and to stop end users from being directed to malicious websites.
SpamTitan is an ideal spam filtering solution for universities. SpamTitan blocks 99.97% of spam emails and 100% of known malware. The solution is cost effective to install, easy to administer, and no additional hardware is required or any software updates necessary.
When used in conjunction with WebTitan – TitanHQ’s powerful web filtering solution –all attempts to visit malicious links and known phishing websites can be blocked.
Both solutions are available on a 30-day no obligation free trial. If you want to ensure your students and university networks are properly protected, contact the TitanHQ sales team today to register for the trials and discover the difference that each solution can make.