Protecting Higher Education: Rise of Email Attacks Impacting Students, Faculty, and Staff

Colleges, universities, and higher education facilities are hot targets for cybercriminals looking to steal personal data and intellectual property. Defend yourself.
July 13, 2023

Higher education plays a crucial role in developing students and providing valuable research, while also being the recipient of millions of dollars in grant funding and donations each year. Unfortunately, this makes colleges and universities prime targets for cyberattacks as bad actors look to steal personal information, access funds or intellectual property, and make ransom demands. As such, cybersecurity must be a top priority for higher education institutions hoping to protect the privacy and security of their students, faculty, staff, alumni, and investments.

Phishing Attacks Flood Higher Education

Phishing attacks are a common hook in the cybercriminal’s tacklebox. By sending malicious links in seemingly legitimate emails, attackers deceive targets into sharing usernames, passwords, or financial information. And if malicious actors capture important information, they often use it for additional attacks—using compromised accounts to send even more legitimate-looking emails across campus.

For example, just last year Duke University suffered a massive phishing campaign. The attack was launched in two phases, first using non-Duke email addresses that encouraged students to share sign-in information to avoid losing account access. Attackers then used these stolen passwords to launch a second wave of attacks from Duke email addresses in hopes of stealing financial information.

Over the past year, phishing attacks against higher education institutions have risen. Brief reprieves sometimes accompany holidays and summer breaks, but once classes resume, attackers ramp up their attempts in hopes of ensnaring staff and students. For example, there was an average of 18.5 phishing attacks per 1,000 mailboxes each week in the first half of 2022. In comparison, the first half of 2023 saw an average of 74 phishing attacks per week.

[Figure: Attacks per 1,000 mailboxes]

Malware, Ransomware, and Scams Targeting Higher Education

While phishing makes up half of the cyberattacks against higher education, extortion, scams, and malware are still major concerns.

[Figure: Proportion of attacks]

In 2020, the University of California, San Francisco (UCSF) experienced a ransomware attack that compromised patient records at its School of Medicine. UCSF made the difficult decision to pay a portion of the ransom to unlock the maliciously encrypted data—costing them $1.14 million.

But while the UCSF incident is notable for its high cost, these attacks are fairly common. More recently in June 2023, a malware attack took the digital services at Stephen F. Austin State University offline. Bluefield University in Virginia was hit with ransomware in April of the same year.

Business Email Compromise Takes Aim at Higher Ed

Higher education institutions are also targets for business email compromise (BEC). By impersonating legitimate contacts, attackers use social engineering tactics to steal personal information and redirect financial transactions. Southern Oregon University, for instance, lost $1.9 million in a BEC scheme that tricked employees into a fraudulent transfer in 2017.

BEC attacks have the potential to spiral out of control quickly. In 2019, Oregon State University reported a security incident in which hackers compromised an employee’s email account. From there, the hacker sent phishing emails to students and alumni. Still worse, the compromised account had access to the names, birthdates, and social security numbers of more than 600 students.

Unfortunately, BEC and social engineering attacks could become even more convincing with generative AI. Bad actors can use ChatGPT, Google Bard, and similar tools to research targets and quickly produce high-quality text copy to trick victims.

Protecting Colleges and Universities Against Cyberattacks

Email is a soft target for cyberattackers. It’s a numbers game of sending a slew of malicious emails in hopes that a few succeed, and while faculty/staff may be aware of malicious attacks, students are likely not as security-conscious—making them an easy target for initial entry into the university email system.

Since attackers need to land only one attack to succeed, the pressure is on colleges and universities to combat risks before they become problems. This requires proactive cybersecurity with tools that preempt malicious behavior before it hits your inbox. By understanding and developing an organizational baseline of good behavior, cloud-based email platforms like Abnormal go beyond traditional email security to detect emerging attacks and remediate compromised accounts—before they can be used to gain additional access.

Explore what Abnormal can do for your college or university by downloading our higher education datasheet, or scheduling a demo today!
