Woburn, MA – October 24, 2018 – Kaspersky Lab is urging academics to be cautious online, after the company's researchers detected multiple phishing attacks hitting at least 131 universities in 16 countries. These attempts to steal sensitive university information have taken place over the last 12 months, with nearly 1,000 phishing attacks detected since September 2017. Fraudsters are hunting for account credentials of both students and employees, as well as their IP addresses, location data and more.
Although many universities are attentive to their IT security infrastructure, attackers have discovered an effective way to breach their systems – by targeting careless or uninformed users. In these attacks, threat actors will create a webpage that appears identical to the university’s website or intranet portal, but which contains a few letters in the web address that differ from the official page URL. The fraudulent sites are then spread to unsuspecting students and staff through social engineering techniques. If victims fall into the trap and enter their credentials into the fake site, their sensitive information is sent directly to the phishers.
Overall, researchers detected 961 attacks on 131 schools in the last 12 months, aimed mostly at English-speaking universities. Of the institutions targeted, 83 are located in the United States and 21 are based in the United Kingdom. Threat actors were especially interested in the University of Washington; Kaspersky Lab detected 111 attack attempts aimed at the website of this particular school. Educational institutions in Asia, Europe and Africa faced attacks as well.
“As educational institutions becomes a popular target for cybercriminals, it is essential for university IT staff to take proactive measures to prevent phishing attacks,” said Nadezhda Demidova, security researcher at Kaspersky Lab. “In addition to strengthening IT security infrastructure, university leaders should also provide training resources that can help students and staff identify and avoid targeted phishing threats.”
Kaspersky Lab recommends the following security measures for university students and staff to avoid falling into a phisher’s trap:
More information on phishing attacks facing universities can be found on Securelist.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com