Seven in ten UK unis admit being duped by phishing attacks

Not so smart now, eh?

By John Leyden

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source.

The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 responded. Seven universities, including those with GCHQ-certified degree courses – Oxford and Cranfield University – reported they had been targeted more than 50 times in the 12 months prior to November 2016.

The findings, released Wednesday, follow a recent warning from Action Fraud, the UK's fraud and cybercrime reporting centre, about a phishing scam specifically targeting UK university staff. The bogus email claims the recipient is due for a pay increase, before directing them to click on a link and enter financial details and university logins.

Henry Seddon, vice president EMEA for Duo Security, commented: "The challenge is that phishing attacks are increasingly sophisticated – a targeted spear phishing attack can be particularly difficult to spot – but they can ultimately compromise the security of the entire network. They open the doors to hackers, with stolen credentials, to access an organisation's system virtually undetected, posing as an authorised user. Worryingly, phishing is now the most popular way of delivering ransomware on to an organisation's network."

More details on the FoI request – alongside advice on avoiding phishing attacks – can be found in a blog post by Duo Security. ®
