Two in three of the UK’s top universities don’t have the recommended level of fraud protection for emails
Students waiting for their A-level results are at risk of being scammed as universities are not blocking fraudulent emails, cybersecurity experts warn.
65% of the UK’s top 20 universities are not using appropriate email authentication tools, research by cybersecurity firm Proofpoint has found.
It says that fraudsters could easily imitate the universities and request payments via email, putting students applying for a university place after their A-levels at risk of fraud.
Meanwhile, 35% of institutions were using software tools to block email scams that are below the recommended level.
Mark White, chief executive of scam avoidance service Reassura, says: "Scams and comedy are in a way very similar and in another way opposites. The similarity is that they both rely on timing.
"Fraudsters have the most success when they catch us at our most vulnerable and although it was a long time ago, I can still remember how vulnerable I felt when I received my A-level results.
“Where they differ is that good comedy is funny, and fraud and scam simply are not. The financial consequences of being caught out can have a major impact on a new student’s life or ability to even go to University and the non-financial consequences, the stress, sleeping issues, misconceptions of embarrassment etc can be crippling."
A spokesperson from the National Security Cyber Security Centre says: “The NCSC works closely with the academic sector to improve their security practices and help protect education establishments from cyber threats.
“In order to mitigate the risk of phishing attacks, people should be vigilant around any message that purports to be from an organisation they deal with – including universities. This is particularly important when emails ask for personal information, banking details or contains unexpected mistakes, attachments or links.”
How to protect yourself
If your university sends an email requesting payment, call them using a number from their website and check if the email really is from them.
Do not divulge personal details unless you are certain who you are sharing it with, and certainly not PIN numbers.
If your university emails asking for payment, go independently to their website to find the telephone number of their finance department or main switchboard and call to check if the request is real and that the account details are correct.
Contact your bank or credit card company if you are worried about having given out financial details.
If you have been a victim of fraud or cybercrime you can report it to Action Fraud online or by calling 0300 123 2040.