University students are at risk from phishing scams because many top universities are not following best practices to block fraudulent emails, according to research by Proofpoint.
The security firm found that 65% of the UK’s top 20 universities were not using any form of an industry-recommended email authentication tool. Whilst 35% had published a DMARC record, only one university in the top 20 was using the recommended level of DMARC protection.
The NCSC works closely with the academic sector to improve their security practices and help protect education establishments from cyber threats.
Email spoofing is much harder if domain owners adopt DMARC. The NCSC has advice available for everyone interested in configuring DMARC for domains. If you are a public sector organisation then you can also use Mail Check to help with reporting. Mail Check is the NCSC’s platform for assessing email security compliance.
In order to mitigate the risk of phishing attacks, people should be vigilant around any message that purports to be from an organisation they deal with – including universities. This is particularly important when emails ask for personal information, banking details or contains unexpected mistakes, attachments or links. The NCSC has published a guide to spotting and dealing with phishing emails.
The NCSC strongly encourages anyone who believes they have been a victim of this or other similar activity to report it to Action Fraud.
Story via https://www.ncsc.gov.uk