A new study has warned that 85% of the UK’s top universities are not adequately protecting themselves and their students from email fraud.
According to cybersecurity specialists Proofpoint, just 15% of the UK’s top 20 universities have put the strictest level of email validation in place. Domain-based message authentication, reporting and conformance (DMARC) is a protocol that verifies whether an email is impersonating its source.
Organisations have been recommended to implement the highest level of DMARC to ensure maximum security. This helps minimise false positives, reduces successful phishing attacks, and works at the scale necessary to tackle the volume of fraudulent emails seen today.
However, the analysis did reveal that 70% of the universities published a DMARC report. This marks a 100% rise since 2019. It does however mean that six universities did not provide a DMARC report.
According to Proofpoint cybersecurity strategist Adenike Cosgrove: “Our research has shown that many UK universities are still exposing people to cybercriminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices. Email continues to be the vector of choice for cybercriminals and the education sector remains a key target.
“Organisations in all sectors should deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals pay close attention to major trends and will drive targeted attacks using social engineering techniques such as impersonation, and universities are no exception to this.
“As the university terms begins, students and staff must be vigilant in checking the validity of all emails, especially when levels of uncertainty and anticipation are higher at the beginning of a new term.”
- R3-IoT’s co-founders on Scottish space tech and connectivity
- Apple decries EU move to adopt universal charging port
- Robots to catalyse energy sector’s push to net-zero
Emails are a common vector for cyberattacks and fraud. While some of these can be unsophisticated and easy to catch, like the infamous ‘Nigerian prince’ emails, some pose a genuine threat. Malware can be embedded directly into the email, making even opening the email dangerous.
Even without malware, the email can form part of a spear phishing campaign, where the goal is to build trust or authority with the target to gather information before requesting money or asking them to download malware.
A recent report warned that email phishing attacks are on the rise. It found that malicious emails jumped 45% quarter on quarter in the final three months of 2020. In addition, just under half the people surveyed said they had clicked on a phishing email.
University students receive increased email traffic, especially at the start of the school year. This makes them especially vulnerable to phishing attempts.
While security services exist, ultimately, the recipients are the final line of defence – ensuring everyone is vigilant and understands the threat is vital to stay secure.