In 2017, a Ponemon Institute report found that the cost of data breaches in education had hit an all-time high, at $245 per record. In addition, a recent report by Digital Citizens Alliance found that .edu addresses are at high risk for cyber theft.
To help schools and other organizations improve their information security, digital security vendor Cofense recently released a report on trends in phishing attempts. To produce the report, the company analyzed data from 1,400 of its clients in 23 industries around the world.
According to the report, 66% of phishing emails in education include an invoice attachment that tempts users to click an infected link. Another 28% use a payment notification scheme, and 6% use online order ploys.
These emails most commonly include subject headers like “invoice,” “payment remittance,” “statement,” and “payment.” In fact, seven of the top 10 headers for phishing emails in Cofense’s analysis included the word “invoice.” More than half (53%) of these emails aimed to collect user logins and allow hackers to “establish a network foothold,” the report found.
The report also suggests that nearly half (45%) of malware across all segments “lurks” in Microsoft Office macros. And because Office macros are “the Domino’s of malware delivery,” the report recommends that schools disable them in emails or block “gray-list” documents from unknown sites or known malware sources.
The report also recommends training users “to view attachments suspiciously,” especially if they include invoices or orders. And users need to be on high alert during “intense periods of financial processing.” (Schaffhauser, Campus Technology, 10/15).
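As an added example (not from the Cofense report or the original article), the Python code below shows how a mail filter could combine the two signals described above: the subject keywords the report lists and Office attachments that carry macros. The function names, the three triage outcomes and the quarantine policy are assumptions made for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

# Subject keywords the article lists as most common in phishing emails.
LURE_KEYWORDS = ("invoice", "payment remittance", "statement", "payment")

def build_sample_office_file(with_macro):
    """Build a minimal OOXML-style zip in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project part.
            z.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()

def has_vba_project(data):
    """True if an OOXML container holds a vbaProject.bin part, where VBA macros are stored."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # legacy OLE .doc/.xls files are not zips and need a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def triage(subject, attachments):
    """Return 'quarantine', 'review' or 'deliver' (hypothetical policy).

    attachments is a list of (filename, bytes) pairs. The content is inspected
    rather than the extension, so a macro file renamed to .docx is still caught.
    """
    lure = any(k in subject.lower() for k in LURE_KEYWORDS)
    macro = any(has_vba_project(data) for _, data in attachments)
    if macro:
        return "quarantine"   # macros in emailed documents are blocked outright
    if lure and attachments:
        return "review"       # finance-themed subject plus any attachment
    return "deliver"
```

The zip check covers only the newer Office formats; older binary .doc and .xls files would pass through `has_vba_project` unflagged and need separate handling.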