Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Bogus intranets scam university students

Pwn in the USA

Article comments

Universities and their population of students have been marked out as the next soft target by online criminals, security company RSA has reported.

In recent weeks, the company has detected a sudden rise in targeted attacks on US universities - particularly public state institutions - against internal websites used to serve students with services such as webmail. Such servers often contain personal data such as grades, names, addresses, and payment information.

The company offers screenshots from one attack in its February Online Fraud Report, that of a bogus website purporting to belong to an unnamed university. It is not clear how a student would have found such a site assuming a direct URL was already in existence, but any student logging into what appeared to be the official webmail site would have had their data harvested.

RSA is unsure as to the specific motivation for the hacks, but speculates that gaining access to an internal server could serve various purposes, including launching phishing attacks that impersonate official communication, gaining access to personal data to launch identity theft attacks at a later date, or setting up student loan scams.

It is also possible, the company says, that criminals want student contacts details in order to recruit them to act as digital ‘mules' for funds stolen from online banks accounts, although there is no hard evidence that students would be any more likely to engage in illegal activity of this kind than other groups.

The surprise is perhaps that universities have thus far been relatively ignored. Uniquely, they feature large populations of inexperienced Internet users open to most forms of digital experimentation going.

"Today's college students are very Internet-savvy and open to sharing lots of personal information online, and unfortunately, not as concerned when it comes to taking appropriate measures to protect their identity online," comment the report authors.

"The recent spike in phishing attacks on US colleges and universities will hopefully serve as a wake-up call for these institutions to take proactive measures to safeguard the personal information of their students and staff members," they conclude.

The report deals with US-based institutions but could also apply to universities and students elsewhere. UK universities use web and Intranet systems with similar-looking login pages. The US's special vulnerability is the size and value of its education sector.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *