I checked my email this morning and was elated to discover that I had been personally selected for a new job opportunity! All the boxes were checked for a student in my position: good pay, great hours, and a new experience for my resume. The only problems were that the sender had no last name, there was no information about the company, and I was instructed to click an incredibly suspicious link.
Of course, this was a phishing email. As a cybersecurity enthusiast, I picked this up right away. Unfortunately, other students in my position haven’t been so lucky. Since the onset of the pandemic, college students have become a brand new target for cyber criminals. I’ve received a message like this in my university email at least once a week since last fall, and so have my peers.
So, why are college students the newest victims on the cybercrime pecking order? Well, there’s a lot of reasons. For one, we’re naive. The average 18-22 year old knows practically nothing about phishing attacks, and they would certainly not expect an attacker to show up in their school inbox. Even if a student is suspicious, they might open a malicious link or attachment out of curiosity, not understanding the implications this could have on their privacy and online safety.
It also can’t be ignored that college students are in an incredibly vulnerable position. Jobs are hard to find in 2021, and most undergraduates would do just about anything to calm the insatiable anxiety that comes with job insecurity. These attackers know this, so they use new opportunities as bait. An attractive internship is the perfect way to get college students on the hook, and that’s all these scammers need to do to steal their data.
Even worse, another popular phishing technique preys on financial insecurity. Attackers send emails including a false university bill, asking students to pay through a “portal” and threatening late fees. Some attacks even pose as financial aid awards, which can be incredibly attractive to students who struggle to pay the astronomical fees associated with higher education.
Universities are a goldmine for cybercriminals. If an attacker were to gain access to a university database, they would open up a flood of personal information including personal identifiable information such as names, drivers license information, and even social security numbers. Because universities are BYOD, they are an easy target which, if infiltrated, offer an astronomical reward.
While many universities are beginning to take precautions such as two-factor authentication and security training for employees, this new threat cannot be ignored. As attacks like this increase at an unmitigated rate, it is important for all institutions to reflect on the security of their communication. Ensuring staff and students are educated and aware of phishing attacks needs to be a top priority in 2021. To learn more about phishing attacks, check out this blog.
Encrypted messaging tools like Signal, WhatsApp, and Telegram are increasingly finding their way into businesses as secure communication solutions. While it may seem like a prudent decision to use them, … Read More