Back-to-School Phishing Scams

With the summer holidays drawing to a close and many parents sending their children back to school or university over the coming days, it is often easy to forget your digital security in the rush. However, cybercriminals use this to their advantage to target individuals at times when they have their guard down.  

Common Back-to-School Phishing Scams: 

Cyber Criminals are focusing their back-to-school phishing areas on a few key areas: 

• School supply scams: School supply scams focus on many key suppliers or products students or parents will be purchasing for the start of the new academic year, such as uniforms, stationery, and technology like laptops or specialist software. These malicious emails typically offer exclusive discounts to lure in victims, providing cloned malicious websites that steal information, such as payment information and contact information (name, address, phone number, etc).  

• Information / Enrolment Scams: Starting at a new school or university can be an overwhelming process, with lots of information being communicated across a variety of channels, including email, social media and physical letters. Cybercriminals could spread misinformation about the process or false letters aimed at gathering personal data or spreading malware.  

• Student Housing scams: For students in higher education, housing can be a complex process to secure, with many cities having more demand than supply. Cybercriminals send fake listings, often with reduced pricing, to lure in victims, aiming to steal their payment information as well as personal information.  

• Tuition fee/ scholarship scams: Cybercriminals may offer fraudulent scholarships, grants or tuition fee discounts to students. Recipients are often asked to provide personal information or make upfront payments, which will never be returned.  

• Society, clubs and PTA scams: Many criminals choose to impersonate clubs, societies or Parent Teacher Associations (PTAs). This is because they can use a variety of channels, and it can be more challenging to verify the authenticity of these accounts. Many offer events or memberships with upfront payments that are fraudulent and used to steal money from victims.  

What is Phishing? 

Phishing is a type of social engineering attack that uses common communication methods, such as email, to distribute malicious material. This could be infected attachments, misinformation or infected web links. With 79% of businesses identifying a phishing attempt on their business within the last 12 months and a 17% growth in Phishing attacks during 2023, this threat remains at the forefront of cyber breaches in 2024. For more information, read our previous blog, ‘Stay Sharp, Don’t Take the Bait: Unmasking Phishing Emails’. 

How this affects your business 

Many people would typically relate a back-to-school scam to their personal life, but it can also affect your business in various ways, even if the business has limited interaction with academic institutions.  

The first is if an academic institution is anywhere in your supply chain. For example, you may have a customer that is an academic institution or a supplier that does. This could disrupt the supply chain, with either delays in production from your supplier or quality compromises. These attacks could then traverse through the interconnected web of businesses and affect your team or your business's data if IT infrastructure is incorrectly configured.  

How to stay protected 

The looming threat of phishing continues to be a problem for businesses and individuals.  Staying protected is vital in the modern world. Businesses have a variety of methods to stay protected. CTRL-S recommend these key methods: 

• Employee education – Conduct regular training sessions on the current threat landscape and attack identification with services such as Cyber Wise to educate your team to be a human shield against cyber attacks. We also recommend sending simulated phishing attacks to familiarise and educate your teams against dangerous emails.  

• Enforce multifactor authentication – enabling multifactor authentication acts as a technical line of defence, providing another hurdle for cyberattacks to have to overcome to gain access to your data.  

• Implement technical controls, such as email filtering, to block potential phishing threats from being delivered to your team.  

• Update software regularly – ensure that all software and operating systems are patched to prevent against fixed vulnerabilities still being exploitable.  

How CTRL-S can help your business 

CTRL-S can provide a wealth of solutions to help protect your business against phishing threats. Our Cyber Wise service is built from the ground up to instil a culture of data security amongst your team, enabling more successful identification and prevention of potential threats.   We also provide industry-leading software, including email spam filtering and Remote Management tools, to ensure your infrastructure is kept guarded and up to date. 

Get in touch today to learn more about our Cyber Wise service or see our innovative suite of tools to protect your business.