• Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Write For Us / Submit
Tech News, Magazine & Review WordPress Theme 2017
  • Tech
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

  • Gear
    • All
    • Camera
    • Laptop
    • Smartphone
    The Pixel 6a's OLED Screen Can Be Modded to Run at 90Hz

    The Pixel 6a’s OLED Screen Can Be Modded to Run at 90Hz

    Apple 5W charger

    Apple’s Old 5W iPhone Charger Is Going Away: Here’s Why

    Nest WiFi Label FCC

    New Nest WiFi With WiFi 6E Likely Revealed

    Samsung Odyssey Ark monitor is bigger than a toddler

    Samsung Odyssey Ark monitor is bigger than a toddler

    iPhone 14 Pro Max with iOS 16's always-on display feature imagined in concept renders

    iPhone 14 Pro Max with iOS 16’s always-on display feature imagined in concept renders

    6 Best Monitors (2022): Budget, Ultrawide, 4K, Portable

    6 Best Monitors (2022): Budget, Ultrawide, 4K, Portable

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Apps
    Google Drive logo.

    How to Manage Apps Connected to Your Google Drive

    6 Android Apps for Budget Management

    Samsung Galaxy Z Fold 4: $1,800 Foldable Phone Returns With New Design, Software Tweaks

    8 Types Of Android Apps To Delete Right Away

    8 Types Of Android Apps To Delete Right Away

    Hashtag Trending June 28 – ‘how to move to Canada’ surges in searches; MacBook Pro M2 SSD speed; streaming ‘moochers’ may not pay for a sub

    Hashtag Trending August 12 – Facebook is not popular with teens; misinformation continues to spread; FCC rejects Starlink’s application for $885 million subsidy

    Sloppy Software Patches Are a ‘Disturbing Trend’

    Sloppy Software Patches Are a ‘Disturbing Trend’

    Cyber Security Today for June 29, 2022 — A list of the most dangerous software weaknesses is updated, a warning to Kubernetes administrators, and more

    Cyber Security Today, August 10, 2022 – Bad apps are found in the PyPI repository, six backdoors are used in a gang’s cyber attacks, a new botnet found and more

  • Gaming
    Microsoft finally admits Xbox One sales were less than half of the PS4

    Microsoft finally admits Xbox One sales were less than half of the PS4

    Future of esports in a country economy

    Future of esports in a country economy

    10 Awesome PC Gaming Accessories and Peripherals Worth Getting

    10 Awesome PC Gaming Accessories and Peripherals Worth Getting

    M'sia bags 3 golds at the Commonwealth Esports Championships

    M’sia bags 3 golds at the Commonwealth Esports Championships

    Microsoft Testing PC Game Pass Widget for Windows 11

    Microsoft Testing PC Game Pass Widget for Windows 11

    Genshin Impact game artwork

    10 Best Crossplay Games for Consoles and PC (2022): Xbox, PlayStation, Switch, Mobile

  • Crypto
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

  • Business
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

No Result
View All Result
Geeky Insider
  • Tech
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

  • Gear
    • All
    • Camera
    • Laptop
    • Smartphone
    The Pixel 6a's OLED Screen Can Be Modded to Run at 90Hz

    The Pixel 6a’s OLED Screen Can Be Modded to Run at 90Hz

    Apple 5W charger

    Apple’s Old 5W iPhone Charger Is Going Away: Here’s Why

    Nest WiFi Label FCC

    New Nest WiFi With WiFi 6E Likely Revealed

    Samsung Odyssey Ark monitor is bigger than a toddler

    Samsung Odyssey Ark monitor is bigger than a toddler

    iPhone 14 Pro Max with iOS 16's always-on display feature imagined in concept renders

    iPhone 14 Pro Max with iOS 16’s always-on display feature imagined in concept renders

    6 Best Monitors (2022): Budget, Ultrawide, 4K, Portable

    6 Best Monitors (2022): Budget, Ultrawide, 4K, Portable

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Apps
    Google Drive logo.

    How to Manage Apps Connected to Your Google Drive

    6 Android Apps for Budget Management

    Samsung Galaxy Z Fold 4: $1,800 Foldable Phone Returns With New Design, Software Tweaks

    8 Types Of Android Apps To Delete Right Away

    8 Types Of Android Apps To Delete Right Away

    Hashtag Trending June 28 – ‘how to move to Canada’ surges in searches; MacBook Pro M2 SSD speed; streaming ‘moochers’ may not pay for a sub

    Hashtag Trending August 12 – Facebook is not popular with teens; misinformation continues to spread; FCC rejects Starlink’s application for $885 million subsidy

    Sloppy Software Patches Are a ‘Disturbing Trend’

    Sloppy Software Patches Are a ‘Disturbing Trend’

    Cyber Security Today for June 29, 2022 — A list of the most dangerous software weaknesses is updated, a warning to Kubernetes administrators, and more

    Cyber Security Today, August 10, 2022 – Bad apps are found in the PyPI repository, six backdoors are used in a gang’s cyber attacks, a new botnet found and more

  • Gaming
    Microsoft finally admits Xbox One sales were less than half of the PS4

    Microsoft finally admits Xbox One sales were less than half of the PS4

    Future of esports in a country economy

    Future of esports in a country economy

    10 Awesome PC Gaming Accessories and Peripherals Worth Getting

    10 Awesome PC Gaming Accessories and Peripherals Worth Getting

    M'sia bags 3 golds at the Commonwealth Esports Championships

    M’sia bags 3 golds at the Commonwealth Esports Championships

    Microsoft Testing PC Game Pass Widget for Windows 11

    Microsoft Testing PC Game Pass Widget for Windows 11

    Genshin Impact game artwork

    10 Best Crossplay Games for Consoles and PC (2022): Xbox, PlayStation, Switch, Mobile

  • Crypto
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

  • Business
    Facebook Marketplace And DoorDash Team Up

    Facebook Marketplace And DoorDash Team Up

    How Frustration Over TikTok Has Mounted in Washington

    How Frustration Over TikTok Has Mounted in Washington

    Hundreds Of Employees At TikTok Earlier Worked With Chinese State Media: Report

    300 Employees At TikTok Earlier Worked With Chinese State Media: Report

    Facebook had little choice but to surrender data in Nebraska abortion case

    Facebook had little choice but to surrender data in Nebraska abortion case

    facebook headquarters

    Meta testing stronger Facebook Messenger encryption after abortion case

    Silhouette of smartphone with Facebook, Messenger, whatsApp, Instagram, Oculus apps and blurred META logo on background.

    Meta Aims to Encrypt All Facebook Messenger Chats – Review Geek

    How Trump changed Facebook - Vox

    How Trump changed Facebook – Vox

    Facebook's Message Encryption Was Built to Fail

    Facebook’s Message Encryption Was Built to Fail

    Parents are introducing kids to the original starter Pokémon on TikTok

    Parents are introducing kids to the original starter Pokémon on TikTok

Submit
Geeky Insider
No Result
View All Result

Top Universities Exposing Students, Faculty and Staff to Email Crime

by Staff Writer
August 3, 2022
in Education
Reading Time: 5 mins read
Top Universities Exposing Students, Faculty and Staff to Email Crime
Share on FacebookShare on Twitter

Nearly all the top 10 universities in the United States, United Kingdom, and Australia are putting their students, faculty and staff at risk of email compromise by failing to block attackers from spoofing the schools’ email domains.

According to a report released Tuesday by enterprise security company Proofpoint, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.

READ ALSO

Twitch changes course, will now require masks at TwitchCon

Twitch changes course, will now require masks at TwitchCon

August 12, 2022
Deep learning can almost perfectly predict how ice forms

Deep learning can almost perfectly predict how ice forms

August 11, 2022

The report is based on an analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records at the schools. DMARC is a nearly decade-old email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination.

The protocol offers three levels of protection — monitor, quarantine, and the strongest level, reject. None of the top universities in any of the countries had the reject level of protection enabled, the report found.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement.

“This, unfortunately, makes these institutions a highly attractive target for cybercriminals,” he continued. “The pandemic and rapid shift to remote learning has further heightened the cybersecurity challenges for tertiary education institutions and opened them up to significant risks from malicious email-based cyberattacks, such as phishing.”

Barriers to DMARC Adoption

Universities aren’t alone in poor DMARC implementation.

A recent analysis of 64 million domains globally by Red Sift, a London-based maker of an integrated email and brand protection platform, found that only 2.1 percent of the domains had implemented DMARC. Moreover, only 28% of all publicly traded companies in the world have fully implemented the protocol, while 41% enabled only the basic level of it.

There can be a number of reasons for an organization not adopting DMARC. “There can be a lack of awareness around the importance of implementing DMARC policies, as well as companies not being fully aware of how to get started on implementing the protocol,” explained Proofpoint Industries Solutions and Strategy Leader Ryan Witt.

“Additionally,” he continued, “a lack of government policy to mandate DMARC as a requirement could be a contributing factor.”

“Further,” he added, “with the pandemic and current economy, organizations may be struggling to transform their business model, so competing priorities and lack of resources are also likely factors.”

A D V E R T I S E M E N T

The technology can be challenging to set up, too. “It requires the ability to publish DNS records, which requires systems and network administration experience,” explained Craig Lurey, CTO and co-founder of Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software, in Chicago.

In addition, he told TechNewsWorld: “There are several layers of setup required for DMARC to be implemented correctly. It needs to be closely monitored during implementation of the policy and the rollout to ensure that valid email is not being blocked.”

No Bullet for Spoofing

Nicole Hoffman, a senior cyber threat intelligence analyst with Digital Shadows, a provider of digital risk protection solutions in San Francisco, agreed that implementing DMARC can be a daunting task. “If implemented incorrectly, it can break things and interrupt business operations,” she told TechNewsWorld.

“Some organizations hire third parties to help with implementation, but this requires financial resources that need to be approved,” she added.

She cautioned that DMARC will not protect against all types of email domain spoofing.

“If you receive an email that appears to be from Bob at Google, but the email actually originated from Yahoo mail, DMARC would detect this,” she explained. “However, if a threat actor registered a domain that closely resembles Google’s domain, such as Googl3, DMARC would not detect that.”

Unused domains can also be a way to evade DMARC. “Domains that are registered, but unused, are also at risk of email domain spoofing,” Lurey explained. “Even when organizations have DMARC implemented on their primary domain, failing to enable DMARC on unused domains makes them potential targets for spoofing.”

Universities’ Unique Challenges

Universities can have their own set of difficulties when it comes to implementing DMARC.

“A lot of times universities don’t have a centralized IT department,” Red Sift Senior Director of Global Channels Brian Westnedge told TechNewsWorld. “Each college has its own IT department operating in silos. That can make it a challenge to implement DMARC across the organization because everyone is doing something a little different with email.”

Witt added that the constantly changing student population at universities, combined with a culture of openness and information-sharing, can conflict with the rules and controls often needed to effectively protect the users and systems from attack and compromise.

A D V E R T I S E M E N T

Furthermore, he continued, many academic institutions have an associated health system, so they need to adhere to controls associated with a regulated industry.

Funding can also be an issue at universities, noted John Bambenek, principle threat hunter at Netenrich, a San Jose, Calif.-based IT and digital security operations company. “The biggest challenges to universities is low funding of security teams — if they have one — and low funding of IT teams in general,” he told TechNewsWorld.

“Universities don’t pay particularly well, so part of it is a knowledge gap,” he said.

“There is also a culture in many universities against implementing any policies that could impede research,” he added. “When I worked at a university 15 years ago, there were knock-down drag-out fights against mandatory antivirus on workstations.”

Expensive Problem

Mark Arnold, vice president for advisory services at Lares, an information security consulting firm in Denver, noted domain spoofing is a significant threat to organizations and the technique of choice of threat actors to impersonate businesses and employees.

“Organizational threat models should account for this prevalent threat,” he told TechNewsWorld. “Implementing DMARC allows organizations to filter and validate messages and help thwart phishing campaigns and other business email compromises.”

Business email compromise (BEC) is probably the most expensive problem in all of cybersecurity, maintained Witt. According to the FBI, $43 billion was lost to BEC thieves between June 2016 and December 2021.

“Most people don’t realize how extraordinarily easy it is to spoof an email,” Witt said. “Anyone can send a BEC email to an intended target, and it has a high probability of getting through, especially if the impersonated organization isn’t authenticating their email.”

“These messages often don’t include malicious links or attachments, sidestepping traditional security solutions that analyze messages for these traits,” he continued. “Instead, the emails are simply sent with text designed to con the victim into acting.”

“Domain spoofing, and its cousin typosquatting, are the lowest hanging fruit for cybercriminals,” Bambenek added. “If you can get people to click on your emails because it looks like it is coming from their own university, you get a higher click-through rate and by extension, more fraud losses, stolen credentials and successful cybercrime.”

“In recent years,” he said, “attackers have been stealing students’ financial aid refunds. There is big money to be made by criminals here.”

Source by www.technewsworld.com

Related Posts

Grab one or all of these gadgets to fuel your Back to Education gusto
Education

Grab one or all of these gadgets to fuel your Back to Education gusto

August 15, 2022
Facepalm: USPTO Grants Ohio State University Trademark On The Word ‘The’
Education

Yet Another Study Finds Cable News Has A Much Bigger Effect On US Polarization Than Social Media

August 15, 2022
Study for a perfect score and help kids in need by purchasing this portable monitor
Education

Study for a perfect score and help kids in need by purchasing this portable monitor

August 14, 2022
New study findings reveal TikTok the ‘most data-hungry app’
Education

New study findings reveal TikTok the ‘most data-hungry app’

August 13, 2022

Recommended.

Which HBO Max Genre Series or Movie Needs Saving?

Which HBO Max Genre Series or Movie Needs Saving?

August 5, 2022
6 Android Apps for Budget Management

OnePlus 10 Pro Owners, Your Android 13 Beta Has Arrived

August 9, 2022

Trending.

graduate student school college certification it career data scientist

Companies move to drop college degree requirements for new hires, focus on skills

August 10, 2022
VPN logo on a laptop PC and smartphone.

How to Choose the Best VPN Service for Your Needs

July 27, 2022
what is API Testing

10 Best API Testing Tools to Use in 2022

July 11, 2022
There are 10 benefits of working with a digital marketing company

The Benefits Of Working With A Digital Marketing Company

July 18, 2022
SFI’s Insight partners with Cadence to use quantum computing in chip design

SFI’s Insight partners with Cadence to use quantum computing in chip design

July 15, 2022
Geeky Insider

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

Categories

  • Android
  • Apple
  • Apps and softwares
  • Articles
  • Business
  • Camera
  • Crypto
  • Education
  • Entertainment
  • Gadget and Gear
  • Gaming
  • How To
  • Laptop
  • Marketing
  • Microsoft
  • Review
  • Security
  • Smartphone
  • Technology

Submit a Techy Post | Write For Us

Feel free to contact us for submission queries. via contact form or email us at [email protected].

  • Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Write For Us / Submit

© 2022 GeekyInsider.com

No Result
View All Result
  • Home
  • Review
  • Apple
  • Apps and softwares
  • Gaming
  • Gadget and Gear
    • Camera
    • Smartphone
  • Microsoft
  • Security