Report finds nearly 90 percent of higher education institutions fail to protect from phishing attacks


INDIANAPOLIS, In. (March 6, 2018) – A new study published today by 250ok, a leader in advanced email analytics for DMARC, deliverability, design and engagement, revealed 88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain.

Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy in place. SPF is an email validation system that detects spoofing attempts, in which a third party disguises itself as a particular sender using a counterfeit email address. DMARC is considered the industry standard for email validation to prevent such attacks.

The report, DMARC Adoption Among US Colleges and Universities, which analyzed 3,614 domains operated by the top accredited US colleges and universities by student enrollment, reveals the domains controlled by these institutions indexed lower in their adoption of a DMARC policy (11.2 percent) when compared to top US and EU retailers (15.8 percent).

“Since universities communicate with a wide range of constituencies, leaving email security up to chance is dangerous,” said Matthew Vernhout, director of privacy at 250ok. “Failing to publish basic authentication records and a DMARC policy leaves students, faculty, and other recipients unnecessarily exposed to phishing attacks.”

“We send up to millions of unique emails each month to students, asking them to click links. Recipients get used to seeing emails from a UKY.edu domain, and they may click a link without double-checking where the email came from,” said Alex Mackey, digital strategy manager at the University of Kentucky and 250ok client.

“Being compliant and understanding the implications of spoofers using your domain needs to be at the forefront of the mind of anyone who is sending email, especially in the higher ed space.”

A 2017 study from the Anti-Phishing Working Group reported phishing attacks targeted an average of 443 brands per month in the first half of 2017, up from 413 per month during the same period in the previous year. These attacks are a threat to brand trust, as 91 percent of all cyber attacks begin with a phishing email.

To access the full report, visit: s.250ok.com/pagen822a

250ok focuses on advanced email analytics, insight and deliverability technology to power a large and growing number of business and higher education email programs. Clients like the University of Kentucky, eHarmony and Marketo depend on 250ok to cut through big data noise and provide actionable, real-time analytics to maximize email performance. For more information, visit 250ok.com.