There has been a significant increase in phishing attacks over the last years, there is no doubt about it.
Statistics show around a 30,000% increase in threats related to COVID-19, including malware, weaponised websites and phishing emails.
Not only has the number increased, phishing strategies have also changed and become more sophisticated from time to time.
Thanks to the COVID-19 Pandemic, many schools and colleges now continue to be remote. The use of emails has become a necessary part of student’s academic interaction more than ever.
At the same time, schools are reportedly to be targeted by scammers. security firm Barracuda Networks found that more than 1,000 educational institutions were targeted from June through September 2020.
These following students’ cyber-security stories show us how sophisticated phishing tricks are nowadays and how education is important to all students.
Story 1: Job opportunities as bait
In 2019, The Texas State University Information Security Office (TXST InfoSec) posted a story about how their students almost fell for an email scam with a job opportunity.
The phishing email offered a pet sitter job opportunity with a convincing story which aroused interest among students.
Phishing Trick 1.1: A legitimate-looking offer with an above-average salary
The phisher used a job opportunity to avoid suspicion. A brilliant tactic was that the offer was an “above-average salary” rather than a “too good to be true” offer, which made it seem more legitimate.
Phishing Trick 1.2: Requiring Personal contact information
The other strategy the phisher used was to suggest the target apply to the job through a personal email rather than a school email.
This prevents the phisher from being screened by the school while also giving him the chance to access personal information from the target.
Key takeaways for students:
1) Whenever you are asked for any personal contact details, be extra alert.
2) Unexpected student job offers are often scams. Most job offers are posted on official channels even the latest ones.
Story 2: Refund trap
Cygenta, a cybersecurity company posted an image of an email scam on Twitter.
This phishing email pretended to offer refunds to students which claimed that with simply a click in the email, any student can claim a decent amount of money easily.
Phishing Trick 2.1: Reciprocation
Reciprocation is one of the six basic principles of persuasion which is often used in phishing scams.
Scammers use refunds as a great strategy as refunds are a process of reclaiming money. Victims might be less suspicious of doing refunds, as they do not expect to pull money out from their wallets in this process. Therefore are more likely to provide personal information to the scammer.
Phishing Trick 2.2: Scarcity
Scarcity is one of the six principles of persuasion that scammers often use. This phishing email created a time pressure for their targets so that they had to make the decision with very little time.
Key takeaways for students:
1) Don’t fall for the time limit, a refund or any kind of subsidies never set a tight deadline for you to apply.
2) Refunds do not require any credit card details of yours. Remember, they already have all your account information when you make your first payment. They would never ask your credit card information again for a refund transaction.
Story 3: Pretending to be a staff member
A Twitter user ‘Lindsay Ranck’ who works at the Central Michigan University reminded all students in CMU not to respond to an email scam which claimed to be a personal assistant to a professor offering a job opportunity.
Phishing Trick 3.1: Authority
Authority is another principle of persuasion used by scammers as well. A good way for them to start is to pretend to be someone their targets already know. Pretending to be someone acting under the authority of the academy makes it even easier to fall into the trap.
Key takeaways for students:
1) Job offers provided by universities are usually applied through an official platform.
Be extra alert when someone offers you a job by email.
2) Check the name and the mail address of your contact who claims to be a staff member. Most of the time, you can find their names and contact information on university websites.
Solve phishing by learning them
Although we are facing a significant increase in the number of phishing emails, especially in the education sector, we can always prevent email scams by learning their tricks.
I hope these stories help you all understand how phishers trick users into providing personal information and how phishing emails are like nowadays. Again, it is always good to understand more from new phishing emails and study their tactics.
Feel free to share them with all your friends!