Students have been warned to be careful of potential phishing emails after some of the UK’s top universities failed to carry out adequate protection against cyber-attacks.
Email security and software company, Proofpoint, discovered that of the UK’s top 20 universities, 65% of them had not published Domain Fraud Prevention (DMARC) records.
DMARC is a government recommended system that verifies emails sent to organisations, including universities, preventing hackers from contacting and scamming potential recipients.
Adding to this, a mere 5% of these universities had signed up to the most secure level of protection and only 35% of them were using a form of protection that was below the recommended amount.
Not using this safeguarding could mean that students attending the establishments that have not switched on DMARC, which includes Oxford and Cambridge, are liable to receive phishing emails from scammers pretending to be officials at the universities.
Inadequate protection for students
The caution comes just a few weeks before A-level students are expected to get their results after which, many of them will have high levels of communication with universities. Meaning, it could be much harder for students to decipher real emails from fake ones.
Kevin Epstein, Proofpoint’s head of threat operations says, “By not implementing simple, yet effective email authentication best practices, universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data,”
Other forms of safety
A spokesman for Cambridge University said: “DMARC is one of several systems that can be used to deal with fake and phishing emails. The University uses alternative systems to detect forged sender addresses – using several layers of spam/phishing filtering technology – and to identify trusted sources of our emails to receiving servers…In addition, the University uses training and continual communications to make our staff and students aware of phishing and scam emails; we have a dedicated security incident response team who look for and respond to incoming phishing and scam emails.”
Proofpoint says there has been an increase of 200% of spoof emails since last year.