Universities targeted by phishing attacks

Provided by: P. ATHANASIADES & Co. SA

Kaspersky Lab draws the attention of academics during their online tours as numerous digital attacks have been detected in at least 131 universities in over 16 countries.

These attempts to intercept sensitive academic information have been intensified over the last 12 months; more than 1,000 phishing attacks have been recorded since September 2017.

Fraudsters seek the “login information” of workers and students, the “IP addresses” and “location data”. In most cases, they create a website for entering “input data” into digital university systems, seemingly identical to the original.

While the importance of the connection data of employees in banks or employee passwords to industrial companies are obvious, personal accounts of students and university staff seem insignificant targets for cybercriminals. In fact, the information that could be found through successful “phishing attacks” at universities may be even more valuable: their databases contain information with huge impact and exclusive research on various topics, from economy to nuclear physics.

Besides -as many academic bodies work together with leading PhD dissertations- threatening agencies may have access to data that contains not only unique information but possibly critical information about companies.

Although universities pay attention to the security of their information systems, attackers find ways to break their systems, targeting the most “weak link”, careless users. In most threat scenarios, the attackers created a website that resembled the website of the university but differed from it in a few letters at the web address. Victims are likely to fall into the trap and enter their credentials by sending their sensitive information to “phishers”, especially if they use the appropriate “social engineering techniques”.

Altogether, researchers detected 961 attacks, in 131 schools, mostly aimed at English-speaking universities. 83 of the targeted institutions are in the US and 21 in the United Kingdom. Threatening operators are particularly interested in “Washington University”: “Kaspersky Lab” has detected 111 attacks on that school. Statistics show that educational institutions in Asia, Europe and Africa have also been attacked.

“Kaspersky Lab” recommends that you take the following “security measures” to avoid falling into the “phishers” trap:

  • Always check the sender’s “link” and “email” to see if it is genuine before clicking on it; rather, do not click on the “link”, but type it in the browser’s “address bar”. If you are not sure that the site / sender is real and secure, never enter your “login information”. If you think you could have entered your “login” and “password” into a “fake” page, change your password immediately.
  • Never use the same “password” for several sites or services, because if any of them is stolen, all your accounts are in danger. To create powerful passwords that will hardly fall into the hands of “hackers” -without having to remember them all- use “password managers”, such as “Kaspersky Password Manager”.
  • To ensure that no one interferes with your connection to replace -without being perceived- genuine websites with fake ones, or to block web traffic, always use a secure connection. Only use secure “Wi-Fi” with strong encryption and password or implement “VPN” solutions that encrypt traffic. For example, “Kaspersky Secure Connection” will automatically enable encryption when the connection is not secure enough.
  • When using your own device for surfing the web, even on a portable device, always use a powerful security solution to alert you if you are trying to visit a “phishing site”.
  • Organizations need to train their employees to never share sensitive data such as “login” and “passwords” with third parties and not to “click” on “links” from unknown senders or suspicious “emails”.
  • Organizations will also need to implement a robust security solution for “anti-phishing” end points such as “Kaspersky Endpoint Security for Business” to detect and prevent “spam” and “phishing” attacks.

 

Source: www.pestaola.gr

(Συνολικές Επισκέψεις: / Total Visits: 24)

(Σημερινές Επισκέψεις: / Today's Visits: 1)
Σας αρέσει το άρθρο; / Do you like this post?
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.