According to a report by cybersecurity firm Proofpoint, 65% of the UK’s top 20 universities were not employing any form of industry-recommended email authentication tool. This could allow cybercriminals to imitate the universities in question easily, placing students applying for higher education after receiving their A-Level results at greater risk of email fraud.
The Domain-based Message Authentication, Reporting and Conformance (DMARC) record is used to verify that the address an email sender is using is genuine and not an impersonation by cybercriminals. The research showed that only one of the top 20 was using the recommended level of DMARC protection. 35% were using some form of the tool but below the recommended level.
Kevin Epstein, Proofpoint’s vice president of threat operations, said the company was concerned that online criminals would use the anticipation of communication from universities around A-Level results day to trick students into sharing personal data. “By not implementing simple, yet effective email authentication best practices, universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data,” he added.
The researchers at Proofpoint also found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 percent to 40 attacks per organisation on average. Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation, and universities are no exception to this.
In response to the research, the National Cyber Security Centre (NCSC) said the majority of cybersecurity incidents were caused by a lack of awareness, and so it worked closely with universities and other education bodies to improve their security measures and provide information on best practices.