Social Engineering Scams Higher Education Security Threat
Notice: Undefined index: dd_float_option_initial_element in /home/qualitye/public_html/wp-content/plugins/digg-digg/digg-digg.php on line 342
Notice: Undefined variable: dd_override_start_anchor_id in /home/qualitye/public_html/wp-content/plugins/digg-digg/digg-digg.php on line 351
Notice: Undefined variable: dd_override_top_offset in /home/qualitye/public_html/wp-content/plugins/digg-digg/digg-digg.php on line 352
Notice: Undefined variable: fm_appid in /home/qualitye/public_html/wp-content/plugins/facebook-members/facebook-members.php on line 71
Universities and higher education platforms have been an important target of phishing attacks for a long time now. Dealing with cyber-threats of various kinds has consequently been an important priority of network system engineers and administrators of these institutions to keep up with the attackers. Nevertheless, the cyber-attacks and phishing scams only seem to get more and more sophisticated as time passes. The most recent higher education security threat consists of social engineering scams, breaches of sensitive information through emails or another form of communication, relying on gaining the trust of people inside the network (like students and university employees).
What are Social Engineering Scams and How Do They Work?
As if identity theft during job searches aren’t bad enough. A social engineering scam is a type of cyber-attack (or scam) that relies on getting the members of the network to trust it, in order to gain access to whatever sensitive data the scam is after. An example of this strategy can be the notorious phishing scam from 2014 which targeted universities by sending emails which seemed every bit legitimate (complete with the institutions’ logo and everything). Unsuspecting university employees entered the banking data which was required of them by the scam, and ended up having their paychecks stolen as a result. The target of these attacks can be even more serious: identity theft.
Many experts have weighed in on the matter by partially blaming the open and trustful culture of universities for them becoming targeted by these attacks. Indeed, in a place where knowledge and files are by default put together and where students are arguably having a carefree existence beyond the stress of studying for their next assignments, social engineering scams may be more successful in convincing people to share their sensitive data. Such data could even be an unsuspecting student’s security number and ID data, thus leading to the dreaded identity theft.
How Universities Fight These Higher Education Security Threat
The good news is that the more this problem gets debated, the more universities (and virtually everyone else) can become better equipped to deal with this sort of threat. Higher education is definitely fighting back, through more than one way of containing these threats and spreading the awareness of them. The first method of fighting back is, ironically, the prodigal open sharing culture of universities: through conferences dedicated to protection against social engineering scams, both students and faculty staff regularly become more aware of the recent threats and how to handle them.
Also, there are several research and action centers specifically created to investigate IT networking in research and education, which recently took on the task of looking into these cyber-threats. One such group is the EDUCAUSE Center for Analysis and Research, or the REN-ISAC (Research and Education Networking Information Sharing and Analysis Center). Such centers allow universities to place their knowledge about cyber-attacks in one place in order for all other universities to benefit from it. This is also what helped contain the 2014 crisis, and will very likely continue to avert and contain further social engineering scams.
Another method implemented to help tighten up the security of higher education networks (and preferably without compromising on the open sharing culture) is the two factor authentication method (also known as 2FA). This allows a less ambiguous authentication of a network’s users by requiring them to probe their identity via two different means (both the computer they use and their phone, for example). The banking authentication systems you may be familiar with function similarly (by requiring you to submit a code received in an SMS when you attempt to log into your online account). It may be an extra step and slightly time-consuming, but if it helps contain social engineering scams or other security threats aiming for identity theft, then the 2FA system couldn’t be more welcome.