Hackers are attacking American universities at the start of the new school year. Universities are especially vulnerable to hacks due to several factor. For example,the high rate of user turnover makes it relatively easy for attackers to impersonate students and personnel. Some information management figures in the academic world also espouse limits on barriers to data access, which invites attacks. Recent incidents include:
- University of Missouri: A phishing scam posing as the Democratic Party seeking interns ended up in the inboxes of most faculty, staff and students at the Columbia campus. UM student email lists are available to anyone requesting them through the school’s open records portal for a charge of $150 for each campus.
- University of Oregon: Targeting UO email accounts, a phishing attack appeared as a message sent by other UO students with a message that cannot be displayed unless the user clicks on the image.
- Rollins College: Attackers sent out varying emails under the pretense of banks such as Wells Fargo, Bank of America, and Chase Bank to gather Rollins Outlook login information. Some links included in these messages also attempted to load malware.
- University of Arkansas: An elaborate phishing scam requesting that users access documents related to a 2018 salary increase is hitting UARK inboxes.
Andy Norton, director of threat intelligence at Lastline:
“A breach of usernames and passwords would expose further personal details if someone logged into the internal systems using them. In addition to making sure passwords and other login credentials are changed immediately, students, faculty and staff members should consider implementing two factor authentication to improve resilience.”