Security News > 2022 > August > Universities are at risk of email-based impersonation attacks

The research found that 97% of the top ten universities across each country are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud.

None of the top U.S. and U.K. universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.

"Email remains the most common vector for security compromises across all industries. In recent years, the frequency, sophistication, and cost of cyber attacks against universities has increased. It's the combination of these factors that make it especially concerning that the premier universities in the U.S. are currently the most vulnerable to attack."

The lack of protection against email fraud is commonplace across the tertiary education sector, exposing countless parties to impostor emails, also referred to as business email compromise.

"Email authentication protocols like DMARC are the best way to shore up email fraud defenses and protect students, staff, and alumni from malicious attacks. As holders of vast amounts of sensitive and critical data, we advise universities across the U.S. to ensure that they have the strictest level of DMARC protocol in place to protect those within their networks."

"People are a critical line of defense against email fraud but remain one of the biggest vulnerabilities for organizations. DMARC remains the only technology capable of not only defending against but eliminating domain spoofing or the risk of being impersonated. When fully compliant with DMARC, a malicious email can't reach your inbox, removing the risk of human interference," concluded Kalember.

News URL

https://www.helpnetsecurity.com/2022/08/04/universities-email-based-impersonation-attacks/