Font Size: A A A


BEC attack

Educational institutions are more than twice as likely to be targeted by a business email compromise (BEC) attack than an average organisation. In fact, more than one in four spear-phishing attacks that targeted the education sector was a carefully crafted BEC attack. For reference, just 11 per cent of spear-phishing attacks across all sectors are reported to be BEC attacks, according to a study by a network and cloud security product firm.

Also, phishing attacks made up 41 per cent of all attacks targeting education, 28 per cent were made up by ‘scamming’ attempts, and 3 per cent were said to be related to ‘extortion’.

Barracuda Networks also observed that there was a drop-off in spear-phishing attacks against the education sector in July and August when schools were closed for summer break – these months saw a drop in cyber attacks of ten per cent to 14pc below average. However, June and September, which are usually the last and first months of the academic year, saw a surge in spear-phishing attacks: 11 per cent higher than the average in June and 13 per cent higher in September.

In light of Covid-19, the company’s ‘Threat Spotlight’ also observed more email spear-phishing attacks using topical subject headings to grab victims’ attention. These include: ‘COVID19 NEW UPDATES’; ‘Covid-19 Update Follow Up Right Now’; ‘COVID-19 SCHOOL MEETING’ and ‘Re: Stay Safe’.

Michael Flouton, VP Email Protection for Barracuda, says: “Cyber attackers have come to understand that education institutions don’t often have the same level of security sophistication as in other organisations, and therefore, they will send carefully crafted email messages designed to trick unknowing and untrained victims into leaking personal or confidential information, such as log-in credentials, student records, or payment information.

“In light of Covid-19 and the transition to remote learning environments, the quantity of data stored on school and university servers has surged, and thus, so too has the quantity of cyber attacks facing them.

“Therefore, schools and universities must combat this threat by investing in email security that leverages artificial intelligence to help identify unusual senders, intercept suspicious requests and block spear-phishing attacks. Additionally, account takeover protection, security awareness education for staff and students, and a reconstruction of internal policies, are all imperative to preventing human error from leading to costly mistakes in the future.”

More on Barracuda’s October security threat spotlight at


Related News