University IT teams must remain vigilant as phishing, vishing and smishing attacks all represent a threat.
Higher education institutions have long been aware that cybercriminals target their faculty, staff and students through phishing attacks. Recently, the problem has gotten worse: The FBI issued a warning that as of January 2022, Russian criminal forums were offering for sale or giving away credentials and VPN access to many U.S.-based colleges and universities.
Criminals use stolen credentials for multiple purposes, often for access to intellectual property or prepublication technical writing. They may target staff, stealing credentials to gain access to financial systems. Individuals may be targeted in an attempt to drain their bank accounts, steal their credit card information or conduct fraudulent transactions. And because people reuse their credentials, stolen passwords can be used for brute-force credential-stuffing attacks across affiliated organizations.
One of the most concerning issues for higher education is that phishing scams have moved beyond the traditional email-based approach and now utilize other channels such as social media, phone calls, voicemail, text messages and more…