Universities and their population of students have been marked out as the next soft target by online criminals, security company RSA has reported. Universities and their population of students have been marked out as the next soft target by online criminals, security company RSA has reported.In recent weeks, the company has detected a sudden rise in targeted attacks on US universities – particularly public state institutions – against internal websites used to serve students with services such as webmail. Such servers often contain personal data such as grades, names, addresses, and payment information.The company offers screenshots from one attack in its February Online Fraud Report, that of a bogus website purporting to belong to an unnamed university. It is not clear how a student would have found such a site assuming a direct URL was already in existence, but any student logging into what appeared to be the official webmail site would have had their data harvested.RSA is unsure as to the specific motivation for the hacks, but speculates that gaining access to an internal server could serve various purposes, including launching phishing attacks that impersonate official communication, gaining access to personal data to launch identity theft attacks at a later date, or setting up student loan scams. It is also possible, the company says, that criminals want student contacts details in order to recruit them to act as digital ‘mules’ for funds stolen from online banks accounts, although there is no hard evidence that students would be any more likely to engage in illegal activity of this kind than other groups.The surprise is perhaps that universities have thus far been relatively ignored. Uniquely, they feature large populations of inexperienced Internet users open to most forms of digital experimentation going. “Today’s college students are very Internet-savvy and open to sharing lots of personal information online, and unfortunately, not as concerned when it comes to taking appropriate measures to protect their identity online,” comment the report authors.“The recent spike in phishing attacks on US colleges and universities will hopefully serve as a wake-up call for these institutions to take proactive measures to safeguard the personal information of their students and staff members,” they conclude.The report deals with US-based institutions but could also apply to universities and students elsewhere. UK universities use web and Intranet systems with similar-looking login pages. The US’s special vulnerability is the size and value of its education sector. Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe