Pishing Attacks Start Targeting Universities, Research Data and Student Personal Information Become Targets

Illustration. (Photo: Doc. Antara/Pexels)

JAKARTA - Experts from cybersecurity company Kaspersky found that phishing attacks are now starting to target universities to steal research data and student personal information.

"Education becoming more digital is a beneficial change. But it also broadens the spectrum of threats students face. Cybercriminals can lure students into providing their personal credentials to access data that contains not unique skills but also personal and potentially harmful information", Kaspersky security expert Olga Svistunova said in a press release quoted by Antara, Sunday, September 11.

According to him, the name of a well-known educational institution is often used as an attraction to distribute phishing pages. Moreover, the government and large companies often buy research studies from these universities. Thus, sensitive data held by universities becomes very valuable for cybercriminals.

In carrying out their actions, university-specific phishing pages are usually well-crafted and imitate official university web pages or online learning management systems.

Once users visit a fake page, they are asked to share personal information such as account credentials, IP address, or location data.

After successfully accessing student or employee accounts, attackers can access not only the victim's personal information, but also education plans, payment information, and class schedules. It would be risky to turn to stalk and abuse in real life.

For this reason, Kaspersky recommends several steps to protect the system from fraud under the guise of education, one of which is to always check links carefully before they are clicked. Look for spelling mistakes or other irregularities.

Then, implement two-factor authentication for information systems, especially web-based ones, and in particular for access to student records, grades, and assessments. Establish strong and appropriate access controls, so that it is not easy for hackers to move laterally through the system.

For campus, have two separate and secure wireless networks, one for staff and one for students, and another for visitors if you need them.

Introduce and enforce a strong staff password policy and encourage everyone to keep their access confidential at all times. Never use the same password for multiple websites or services, because in the event of a hack, all your accounts are at risk.

To create strong anti-hack passwords without having to remember them, use a password manager, such as Kaspersky Password Manager. Also use reliable security solutions for comprehensive protection from various threats, such as Kaspersky Endpoint Security for Business.