Scholars beware: phishing fraudsters hunt for university credentials

EDUCATION

Kaspersky Lab urges academics to be careful online: the company's researchers have detected multiple cyberattacks hitting at least 131 universities in 16 countries. These attempts to steal sensitive university information have happened in the last 12 months, with nearly 1000 phishing attacks since September 2017. Fraudsters are hunting for credentials of employees and students, their IP addresses and location data. In most cases, they create a web page for entering login and password to universities digital systems, visibly identical to the authentic one.

While the importance of bank employees’ credentials or passwords of workers in industrial enterprises is obvious, personal accounts of students and staff at universities might seem to be insignificant targets for cybercriminals. As a matter of fact, the information that could be found through a successful spear phishing attacks on universities might be even more valuable: their databases containing many impactful and exclusive types of research on various topics, from economy to nuclear physics. Besides, since many of them collaborate with leading vendors for PhDs, threat actors might access data containing not only unique expertise but also private and potentially compromising information on companies.

Even though universities are attentive to their IT security, attackers find ways to breach theirs systems by targeting the weakest link– inattentive users. In most scenarios threat actors created a web-page that appeared to be identical to the website of the university, yet differed from it with a few letters in the web address. Usually, victims are quite likely to fall into the trap and enter their credentials sending their sensitive information to phishers, especially if proper social engineering methods are used.

All in all, researchers detected 961 attacks, on 131 schools, aiming mostly at English-speaking universities. 83 of targeted institutions are located in the USA and 21 are based in the UK. The threat actors were especially interested in the University of Washington: Kaspersky Lab detected 111 attacks aimed at this particular school. The statistics show that educational institutions in Asia, Europe and Africa faced attacks too.

“The number of targeted entities is certainly worrying – apparently, the education is becoming a hot topic among the cybercriminals. University staff need to consider that each of their employees and students can become a weak link and provide criminals with access to their systems and be proactive in taking necessary security measures,” says Nadezhda Demidova, security researcher at Kaspersky Lab.

Kaspersky Lab recommends taking the following security measure to protect yourself from falling into a phishers’ trap:

Always check the link address and the sender’s email to find out if they are genuine before clicking anything – even better, do not click the link, but type it into the browser’s address line instead. If you are not sure that the website/ sender is real and safe, never enter your credentials. If you think that you could probably have entered your login and password on a fake page, immediately change your password.
Never use the same password for several websites or services, because if one is stolen, all your accounts are under risk. To create strong hack proof passwords without having to face the struggle of remembering them, use password managers, such as Kaspersky Password Manager.
To ensure that no one penetrates your connection to invisibly replace genuine websites with fake ones or intercept your web traffic, always use a secure connection – only use secure Wi-Fi with strong encryption and password, or apply VPN solutions that encrypt the traffic. For example, Kaspersky Secure Connection will switch on encryption automatically, when the connection is not secure enough.
When using your own device for web surfing, even on a mobile device, always use a robust security solution that will warn you if you are trying to visit a phishing web page.
Organizations should educate their employees to never share sensitive data, such as logins and passwords, with a third party and not to click links from unknown senders or in suspicious emails.
Organizations also should implement a reliable endpoint security solution with anti-phishing technologies, such as Kaspersky Endpoint Security for Business to detect and block spam and phishing attacks.

Read the full report on the Securelist.com

-Ends-

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

Scholars beware: phishing fraudsters hunt for university credentials

DISCOVER MORE

Abu Dhabi Mobility signs a Memorandum of Understanding with Regent Craft

LEOS Developments presents Weybridge Gardens 2, Provence edition

Income & profit growth continues into 2024 as the Bank’s strategy embeds further

Azizi Developments, Dezign Technic partner for Azizi Venice

MBRF to participate in 33rd edition of Abu Dhabi International Book Fair

Constructor Capital unveils Abu Dhabi Office as part of $1bln

LG announces first-quarter 2024 financial results

Family Development Foundation enhances societal culture by promoting knowledge and self-development

Victor moves headquarters to Abu Dhabi

Albal Design launches UAE's first science based interior design concept

Joby partners with Abu Dhabi to establish electric air taxi ecosystem

Daikin extends special support to flood-affected communities to restore air conditioning systems

WEE marketplace secures USD10mln investment from Dubai-based firm, embarking on a new era of growth

QU's ‘Innovators in cProject’ concludes 2023-2024 edition

'He barely uses his phone': Dubai student who topped JEE exam shares secret to 100% mark

University admissions: Why it pays to be authentic and self-assured in your essays

Sharjah announces return to in-person classes

Sharjah Ruler establishes Al Dhaid University

LATEST VIDEO

VIDEO: Expect more extreme weather threats like UAE floods worldwide – Climate expert

ZAWYA COVERAGE

Austrian-UAE deal to create $32bln chemical company likely delayed by elections – Bloomberg

UAE’s Bayanat, Yahsat shareholders approve merger to create SPACE42

Dubai-listed Mashreq’s Q1 2024 net profit surges to $544mln

87% of Saudi Vision 2030 initiatives now complete, on track

UK's Cameron 'deeply concerned' by British nationals accused of criminal acts for Russia

With Russia in mind, French carrier joins drills under NATO command

Indian cenbank issues draft guidelines for web aggregators of loan products

Stocks face worst month since September, yen swings after BOJ

PSG in perfect form to finish season in style, says Luis Enrique

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds