Higher education institutions have long been aware that cybercriminals target their faculty, staff and students through phishing attacks. Recently, the problem has gotten worse: The FBI issued a warning that as of January 2022, Russian criminal forums were offering for sale or giving away credentials and VPN access to many U.S.-based colleges and universities.
Criminals use stolen credentials for multiple purposes, often for access to intellectual property or prepublication technical writing. They may target staff, stealing credentials to gain access to financial systems. Individuals may be targeted in an attempt to drain their bank accounts, steal their credit card information or conduct fraudulent transactions. And because people reuse their credentials, stolen passwords can be used for brute-force credential-stuffing attacks across affiliated organizations.
One of the most concerning issues for higher education is that phishing scams have moved beyond the traditional email-based approach and now utilize other channels such as social media, phone calls, voicemail, text messages and more.
Click the banner below to receive exclusive content about cybersecurity in higher ed.
How Phishing Attacks Work, and Why They Succeed
Phishing attacks are wildly successful: 91 percent of all cyber breaches include phishing, according to Deloitte. Traditional phishing involves sending an email that looks legitimate, purporting to come from the institution or…
