
Have you ever looked at a phishing email and wondered, how could anyone possibly fall prey to that? Although your students and employees may be less susceptible than others, hackers are evolving in their sophistication, creativity, and maliciousness by the day. What previously seemed overly opportunistic is now becoming increasingly lucrative, and as we’ve recently learned, fraudsters are targeting the higher education space. Let’s investigate how phishing has made its way on campus in the past and strategize how we can work together to protect your university going forward.

Size of the prize

Besides being able to reach a campus full of students and employees who check email religiously, cybercriminals know the merits of infiltrating a higher education network. By obtaining bank accounts, social security numbers, addresses, and other personal information from unsuspecting students and employees, they can socially engineer their way to immense profits by unlocking payment cards or piecing together personal data on the dark web.

The devil is in the detail

One recently discovered phishing scheme attempted to target a Florida community college by leveraging a fake active shooter alert. As KnowBe4 CEO Stu Sjouwerman noted, by exploiting current concerns over active shooters on campus, the attack hinged on generating “panicked, reflexive clicks from recipients who [were] already on edge over the recent shooting at Marjory Stoneman Douglas High School — also in Florida”. Remember, all it takes is a few clicks before a phish can collect sensitive information.

A Canadian university is still trying to recover its losses after discovering that it was defrauded of $11.8M in August 2017. The staff received fake emails from a fraudster posing as a vendor and requesting a change in banking information. Only when the actual vendor company called the university asking for payment did the staff realize the breach, but it was too little, too late. Although $11.4M was traced to accounts in Montreal and Hong Kong, the remainder is still missing.

Some schemes work in tandem, targeting both students and employees. According to a PSA from the FBI just a few years ago, phishers are now enticing students by offering them pseudo work-from-home job opportunities. After coaxing them into providing bank information “under the guise of a direct deposit”, scammers redirect employee payroll deposits to the student’s account. Then, they ask the student to wire back a portion of the deposit as a refund, effectively turning the unaware student into an accomplice to fraud.

The other end of the double-edged phish notifies university employees of a change to their human resource status. Once employees click the email link and enter their logins into a fake page, their information is stolen and paychecks are rerouted.

Drop in the ocean

Now you’re wondering how your university can protect its students and employees from being reeled in by phishing. Instead of overwhelming you with a myriad of options, we’ve grouped them into general buckets and brainstormed a solution for each:

Top-of-the-funnel: install advanced spam filtering solutions that include anti-phishing capabilities

Bottom-of-the-funnel: consider a web filtering program that can block end users from opening phishy websites

Ongoing: establish a training program for students and employees during orientation

However, none of these is enough on its own. Drawing the analogy between phishing and fishing, simply placing a “do not fish here” sign near your local lake isn’t enough to stop everyone. By adding controls at all touchpoints, you can stop phishing from pervading your campus.

The best part is, you don’t have to go it alone. Partner with Arrow Payments, the team on your team. We’ll do all the heavy lifting to help protect your students’, customers’ and donors’ credit card payment information. Then if you do suffer a phishing attack, at least you don’t have to worry about it resulting in the fines, losses and reputational damage of a credit card data breach.

