How Hackers Target College Campuses

How Hackers Target College Campuses

With new and returning students flooding the campus, bringing with them a host of computers and devices open to attacks, the beginning of school is when campuses are at their most vulnerable.

University IT departments across the country are bracing themselves for the beginning of the fall semester. It’s when the university’s network is at its most vulnerable, with new and returning students flooding the campus, bringing with them a host of computers and devices open to attacks.

Students are perfect targets for hackers. Considering how much money flows into a school just from tuition costs, cybercriminals are looking to cash in on weak campus cybersecurity. They have the potential to steal student and faculty databases, vandalize a university’s website and access private information held by an admission’s office like a student’s Social Security numbers, addresses and financial aid data.

Phishing – when hackers steal your passwords by sending you links to fake websites – has become a popular tactic used on young adults especially, using what looks like celebrity gossip or free travel prizes to get them to click on phony links.

Duo Security, which protects more than 400 campuses, found that 70 percent of universities in the UK have fallen victim to phishing attacks. Kendra Cooley, a security analyst at the company, said that students are more likely to fall for phishing attacks because they haven't been exposed to them as much as working adults have.

A lot of university IT teams have their hands tied because it’s impossible to go to every individual student and scan their computers.

"All these kids are coming on campus, and you don't know the security level of their devices, and you can't manage it, because it's theirs," said Dennis Borin, a senior solutions architect at security company EfficientIP, which protects up to 75 campuses in the U.S.

Borin said that, instead of going through every single student, his company casts a wide net over the web traffic. If there's any suspicious activity coming from a specific device, they're able to send warnings to the student and kick him or her off the network if necessary.

Fake apps can also trick victims into downloading viruses, often targeting students as well. According to security firm RiskIQ, a quick search for "back to school apps" in August found 1,182 apps that were blacklisted for containing malware or spyware.   

Researchers from the company scanned 120 mobile app stores, including the Google Play store, which had more than 300 blacklisted apps. They found apps for back-to-school tools, themes and wallpapers for your device, and others that promised to help students cheat on exams.

Other warning signs to watch out for when it comes to phony apps, Risk IQ said, are poorly written reviews and developers using public domain emails for contacts. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions.