Lancaster University has had the personal data of students and applicants stolen in a ‘sophisticated and malicious’ phishing attack.
Hackers managed to access the names, addresses, phone numbers and emails of students who had applied to join the university in 2019 and 2020.
Phishing emails are designed to look like legitimate emails, persuading you to carry out some action that gives the attacker access to either data or funds. In this case the data was used to send fraudulent invoices to some undergraduate applicants.
Businesses are very susceptible to phishing attacks because the emails closely emulate the type of language that the actual sender would use and also use the same graphics and fonts, which can make phishing emails very difficult to detect.
How does a phishing email work?
This attack mechanism is becoming very common. We have worked with clients that have received phishing emails asking the recipient to click on a link to verify or update their login details. The attacker then gains access to their emails or internal systems, or could infect the network with malware.
An employee of one of our clients fell for a phishing email and updated their email login details. From that, the attacker was able to access their account and see the contact information of their clients and the invoices that had been sent to them.
The attacker went on to harvest the contact details, modify an existing invoice so they could use the official letterhead design, and email the list of clients with new payment instructions. The company went on to lose £45k the following month.
This simple yet very effective attack vector has certain characteristics which can indicate that the email is coming from a malicious source. Training can help employees identify these traits; however, they are becoming more difficult to spot. Technology can help to bridge that gap by notifying you if any of the characteristics are found within an email.
RiskView can ensure that phishing emails are found and even traced if they are forwarded around the organisation. Find out how RiskView can protect your business from information risk.