Two in three of UK’s top 20 universities are putting their students at risk of phishing attacks (opens in new tab), given that they lack proper security measures. This is according to Proofpoint’s latest report, which claims these universities lack what’s known as the DMARC record.
The Domain-based Message Authentication; Reporting and Conformance record is necessary to prevent hackers from spoofing their email address and posing as someone from the university.
Proofpoint says this has been a record year when it comes to UK school leavers applying for higher education places. Consequently, a large number of students will be waiting for an email to hear from their potential educators, which makes them extra vulnerable to phishing attempts (opens in new tab).
“By not implementing simple, yet effective email authentication best practices, Universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data,” says Kevin Epstein, VP of Threat Operations at Proofpoint.
“Email continues to be the vector of choice for cybercriminals. Proofpoint researchers found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 per cent to 40 attacks per organisation on average.”
Proofpoint says students should always double-check the validity of all email communication, and be aware of any potential dangers. Any request for login credentials, or a threat that a service could be terminated unless a link is clicked on should be questioned.
On top of it all, students should be following best practices in terms of password hygiene (opens in new tab), which includes the usual – a strong password, not using the same password across various services, and making sure the passwords are changed frequently.