Seven in ten UK unis admit being duped by phishing attacks

Not so smart now, eh?

By John Leyden

Posted in Security, 27th April 2017 12:41 GMT

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source.

The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 responded. Seven universities, including those with GCHQ-certified degree courses – Oxford and Cranfield University – reported they had been targeted more than 50 times in the 12 months prior to November 2016.

The findings, released Wednesday, follow a recent warning from Action Fraud, the UK's fraud and cybercrime reporting centre, about a phishing scam specifically targeting UK university staff. The bogus email claims the recipient is due for a pay increase, before directing them to click on a link and enter financial details and university logins.

Henry Seddon, vice president EMEA for Duo Security, commented: "The challenge is that phishing attacks are increasingly sophisticated – a targeted spear phishing attack can be particularly difficult to spot – but they can ultimately compromise the security of the entire network. They open the doors to hackers, with stolen credentials, to access an organisation's system virtually undetected, posing as an authorised user. Worryingly, phishing is now the most popular way of delivering ransomware on to an organisation's network."

More details on the FoI request – alongside advice on avoiding phishing attacks – can be found in a blog post by Duo Security. ®
