Kaspersky finds fraudsters launch phishing attacks on universities to steal private research and student information

Woburn, MA – August 29, 2022 — Back to school season is traditionally a profitable time for cyber criminals as millions of students around the world are getting ready to make tuition payments, purchase school supplies, books, etc. With universities becoming more concerned about their networks’ cybersecurity, attackers find ways to breach these systems by targeting inattentive students, staff and professors. Kaspersky experts highlight intensified phishing campaigns with fraudsters exploiting the names of worlds’ biggest universities.

University-specific phishing pages are usually well-crafted and mimic official university webpages or online learning management systems. Once users visit false pages, they are duped into sharing personal information like account credentials, IP addresses or location data.

The importance of universities’ corporate account safety is often underrated when referring to  organizations’ data protection. Famous educational institution names, some with critical research centers operating in various fields from political economy to nuclear physics, are used as a lure to distribute phishing pages. With governments and large corporations often purchasing research studies from these universities, it makes the sensitive data they possess extremely valuable for attackers.

By accessing students’ or employees’ accounts, the attacker may access personal information of their victims but also their educational plans, payment information and timetable of classes. This carries the risks of online threats transitioning to real life stalking and abuse.

“Education becoming more digitalized is a beneficial shift,” said Olga Svistunova, security expert at Kaspersky. “Not only will learning management systems allow students to maximize their academic progress in the most efficient way, but more people across the world get a chance to learn from best professors at the biggest universities. This also widens the spectrum of threats student face. Scammers are luring students to give away their personal credentials to access data containing not only unique expertise but also private and potentially compromising information.”

Kaspersky recommends the following measures to safeguard systems and young people against education fraud:

• It will be safe to check the link before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities.
• Introduce some form of two-factor authentication for information systems, especially web-based ones, and particularly for access to student records, grades and assessments. Set strong and appropriate access controls, so that it is not easy for a hacker to move laterally through the system.
• On campus, have two separate and secure wireless networks, one for staff and one for students, and another one for visitors if you need it.
• Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times. Never use the same password for several websites or services, because if one is stolen, all your accounts are under risk. To create strong hack proof passwords without having to face the struggle of remembering them, use password managers, such as Kaspersky Password Manager.
• Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Endpoint Security for Business.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact:

Cassandra Faro

Cassandra.Faro@Kaspersky.com

781-503-1812