As part of a new wave of spear-phishing attacks, over 1,000 schools and colleges in the country were the target of cyberattacks between June and September, Barracuda Networks reported.
Spear phishing is a personalised phishing attack that targets a specific organisation or individual.
According to a LiveMint report, researchers at Barracuda found that of malicious emails sent, 57 percent were sent using compromised internal accounts.
Attackers may have gotten access to these emails through the Dark Web or social engineering. Once they were in, the mails were used to launch fresh email attacks since there is a high degree of trust associated with accounts that seem to come from legitimate people and domain names, the report said.
Findings from Barracuda Networks also showed that 86 percent of all business email compromise (BEC) attacks on educational institutions during this period were carried out via Gmail accounts.
This is because cybercriminals prefer services like Gmail that are free, the report said.
What was their method?
To make their messages appear more legitimate, attackers would send the emails loaded with terminology such as ‘principal’, ‘head of department’, ‘school’, and ‘president’.
The emails also carried a convincing subject line to grab the target’s attention. Some emails also used COVID-19 related activities such as ‘new covid guidelines’ or ‘school meeting on covid’ to create a sense of urgency that would compel a user to click on their malicious link.
“As schools and colleges continue to teach students remotely, it makes both the parties vulnerable to cyberattacks. While online teaching and learning is a crucial part of the new normal, it is also important for students and teachers to act mindfully before, during and post the online classes,” cautioned Murali Urs, country manager-India, Barracuda Networks, in a statement, the report said.