chat
expand_more

Protecting Higher Education: Rise of Email Attacks Impacting Students, Faculty, and Staff

Colleges, universities, and higher education facilities are hot targets for cybercriminals looking to steal personal data and intellectual property. Defend yourself.
July 13, 2023

Higher education plays a crucial role in developing students and providing valuable research, while also being the recipient of millions of dollars in grant funding and donations each year. Unfortunately, this makes colleges and universities prime targets for cyberattacks as bad actors look to steal personal information, access funds or intellectual property, and make ransom demands. As such, cybersecurity must be a top priority for higher education institutions hoping to protect the privacy and security of their students, faculty, staff, alumni, and investments.

Phishing Attacks Flood Higher Education

Phishing attacks are a common hook in the cybercriminal’s tacklebox. By sending malicious links in seemingly legitimate emails, attackers deceive targets into sharing usernames, passwords, or financial information. And if malicious actors capture important information, they often use it for additional attacks—using compromised accounts to send even more legitimate-looking emails across campus.

For example, just last year Duke University suffered a massive phishing campaign. The attack was launched in two phases, first using non-Duke email addresses that encouraged students to share sign-in information to avoid losing account access. Attackers then used these stolen passwords to launch a second wave of attacks from Duke email addresses in hopes of stealing financial information.

Over the past year, phishing attacks against higher education institutions have risen. Brief reprieves sometimes accompany holidays and summer breaks, but once classes resume, attackers ramp up their attempts in hopes of ensnaring staff and students. For example, there was an average of 18.5 phishing attacks per 1,000 mailboxes each week in the first half of 2022. In comparison, the first half of 2023 saw an average 74 phishing attacks per week.

Infographics for Cybersecurity in Higher Ed Blog Attacks per 1 K MB 1

Malware, Ransomware, and Scams Targeting Higher Education

While phishing makes up half of the cyberattacks against higher education, extortion, scams, and malware are still major concerns.

Infographics for Cybersecurity in Higher Ed Blog Proportion of Attacks 1

In 2020, the University of California, San Francisco (UCSF) experienced a ransomware attack that compromised patient records at its School of Medicine. UCSF made the difficult decision to pay a portion of the ransom to unlock the maliciously encrypted data—costing them $1.14 million.

But while the UCSF incident is notable for its high cost, these attacks are fairly common. More recently in June 2023, a malware attack took the digital services at Stephen F. Austin State University offline. Bluefield University in Virginia was hit with ransomware in April of the same year.

Business Email Compromise Takes Aim at Higher Ed

Higher education institutions are also targets for business email compromise or BEC. By impersonating legitimate contacts, attackers use social engineering tactics to steal personal information and redirect financial transactions. Southern Oregon University, for instance, lost $1.9 million in a BEC scheme that tricked employees into a fraudulent transfer in 2017.

BEC attacks have the potential to spiral out of control quickly. In 2019, Oregon State University reported a security incident in which hackers compromised an employee’s email account. From there, the hacker sent phishing emails to students and alumni. Still worse, the compromised account had access to the names, birthdates, and social security numbers of more than 600 students.

Unfortunately, BEC and social engineering attacks could become even more convincing with generative AI. Bad actors can use ChatGPT, Google Bard, and similar tools to research targets and quickly produce high-quality text copy to trick victims.

Protecting Colleges and Universities Against Cyberattacks

Email is a soft target for cyberattackers. It’s a numbers game of sending a slew of malicious emails in hopes that a few succeed, and while faculty/staff may be aware of malicious attacks, students are likely not as security-conscious—making them an easy target for initial entry into the university email system.

Since attackers only need to land an attack to succeed, the pressure is on colleges and universities to combat risks before they become problems. This requires proactive cybersecurity with tools that preempt malicious behavior before it hits your inbox. By understanding and developing an organizational baseline of good behavior, cloud-based email platforms like Abnormal go beyond traditional email security to detect emerging attacks and remediate compromised accounts—before they can be used to gain additional access.

Explore what Abnormal can do for your college or university by downloading our higher education datasheet, or scheduling a demo today!

Schedule a Demo
Protecting Higher Education: Rise of Email Attacks Impacting Students, Faculty, and Staff

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More