More than four-fifths (85%) of the UK’s top 20 universities are putting their students, staff and suppliers at risk of email fraud, according to a new study by Proofpoint.
The researchers found that just 15% of the universities have implemented the recommended and strictest level of domain-based message authentication, reporting and conformance (DMARC). DMARC is an email validation protocol that verifies that the domain of the sender has not been impersonated.
The findings have come amid surging phishing attacks targeting the education sector since the start of the COVID-19 pandemic. For example, last year, a Barracuda Networks study showed that schools, colleges and universities are being disproportionately targeted by spear-phishing attacks. Experts believe that cyber-criminals increasingly view the industry as a soft target.
Encouragingly, 70% of the universities included in the analysis have published a DMARC record, representing a 100% increase since 2019. Therefore, more than two-thirds of these institutions have recognized the need to implement DMARC protocols.
However, six universities out of the 20 had no DMARC record.
Adenike Cosgrove, a cybersecurity strategist at Proofpoint, commented: “Our research has shown that many UK universities are still exposing people to cyber-criminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices. Email continues to be the vector of choice for cyber-criminals and the education sector remains a key target.
“Organizations in all sectors should deploy authentication protocols, such as DMARC, to shore up their email fraud defenses. Cyber-criminals pay close attention to major trends and will drive targeted attacks using social engineering techniques such as impersonation, and universities are no exception to this. As the university terms begins, students and staff must be vigilant in checking the validity of all emails, especially when levels of uncertainty and anticipation are higher at the beginning of a new term.”