A new report from the Digital Citizens Alliance, “Cyber Criminals, College Credentials, and the Dark Web,” demonstrates the enormous challenge posed by insecure higher education email accounts and the damage they can cause.
Over the past eight years, researchers have discovered 13,930,176 e-mail addresses and passwords belonging to faculty, staff, students, and alumni at the 300 largest higher education institutions in the United States available to cyber criminals on Dark Web sites. Anyone can purchase the data and use the emails to enact their fraudulent schemes.
While many of the accounts are hacked from staff and students, some of the emails available for sale in the digital underground are fake emails. While not attributed to a real person, these addresses utilize the institution’s domain name, taking advantage of the credibility often associated with a .edu address.
The non-profit’s press release notes that “fake e-mails can be used to scam others in the university and college communities. Criminals can also use fakes to take advantage of discounts offered to students and faculty on software and various other products.”
The University of Michigan-Ann Arbor led the pack with 122,556 credentials for sale on the dark web, but the Massachusetts Institute of Technology (MIT) ranked highest in terms of corrupt email ratio. For every legitimate email with an MIT domain name, there are 2.81 fake emails – a truly staggering number.
The report recommends universities share the following tips to reduce the risk of compromising emails:
- Use a mix of uppercase, lowercase, numbers, and special characters
- Make the password as long as the system allows
- Think in terms of passphrases instead of passwords
- Use a random password generator to avoid social engineering
- Do not re-use university-provided passwords for other systems
- Change passwords at least annually or if exposure is suspected
- Consider using a password vault to store passwords
- Never share passwords with others
- Report any suspicious activity to local law enforcement or the institutional IT incident response team
These are fine recommendations, but they ignore the fact that there are still plenty of other ways to access the accounts. Email is an inherently flawed form of communication, and it’s time to look for safer and more advanced alternatives.
One of these alternatives is Evizone Secure Communications (ESC), our proprietary technology that offers the strongest commercially available system for the secure exchange and compliance archiving of electronic communications.
The Digital Citizens Alliance report should concern educational institutions everywhere. If they’re serious about their cybersecurity, they should reach out to us or sign up for a free trial at https://evizone.com/free-trial/.
About Evizone Ltd.
Evizone Ltd. is a revolutionary secure communications, encryption and compliance software and service provider based in Montreal, Quebec, Canada. Evizone offers innovative enterprise solutions in secure messaging (next generation beyond encrypted e-mail) and encryption, encryption at rest, regulatory compliance, compliance archiving, WORM compliance, 17a-4 compliance, document life cycle management and communications governance and risk management. Evizone’s services protect organizations through best-in-class security, encryption, recipient controls, document life cycle management, discovery management, compliance management, compliance archiving, tamper-proof WORM and 17a-4 compliance archiving and complete audit records against the enormous damage caused by communications breaches. Evizone’s patented technologies offer a level of security impossible to obtain with conventional or encrypted email and fast, powerful, user-friendly compliance archiving. Evizone’s services are immediately available on multiple platforms and provide the strongest commercially available communications security and compliance archiving. You can follow Evizone on Facebook, Twitter, and LinkedIn.
Tom Kott, HATLEY Strategy Advisors, 514.316.7082, firstname.lastname@example.org