Experts from the cybersecurity company Kaspersky found phishing attacks are now starting to target universities to steal research data to student personal information.
“Education becoming more digital is a beneficial change. However, it also broadens the spectrum of threats students face. Cybercriminals can lure students into providing their personal credentials to access data that contains not only unique skills but also personal and potentially harmful information.” say
Kaspersky security expert, Olga Svistunova, through a press release, quoted Monday (12/9).
According to him, the name of a well-known educational institution is often used as an attraction to distribute phishing pages. Moreover, the government and large companies often buy research studies from these universities. Thus, sensitive data held by universities becomes very valuable for cybercriminals.
Read also: Digital Literacy Prevent Internet Users from Potential Cyber Crimes
In carrying out their actions, university-specific phishing pages are usually well-crafted and imitate official university web pages or online learning management systems.
After a user visits a fake page, they are asked to share personal information such as account credentials, IP address, or location data.
After successfully accessing student or employee accounts, attackers can access not only the victim’s personal information, but also education plans, payment information, and class schedules. It would be risky to turn to stalking and abuse in real life.
For this reason, Kaspersky recommends several steps to protect the system from fraud under the guise of education, one of which is to always check links carefully before they are clicked. Look for spelling mistakes or other irregularities.
Then, implement two-factor authentication for information systems, especially web-based ones, and in particular for access to student records, grades and assessments.
Establish strong and appropriate access controls, so that it is not easy for hackers to move laterally through the system.
For campus, have two separate and secure wireless networks, one for staff and one for students, and another for visitors if you need them.
Introduce and enforce a strong staff password policy and encourage everyone to keep their access confidential at all times.
Never use the same password for multiple websites or services, because in the event of a hack, all of your accounts are at risk.
To create strong hack-proof passwords without having to remember them, use a password manager, such as Kaspersky Password Manager.
Also use reliable security solutions for comprehensive protection from various threats, such as Kaspersky Endpoint Security for Business. (Ant/OL-1)