It’s Not Just About Retail: The Growing Risk of Phishing Scams on Education Agencies


Cyber-crime and education may not seem like an obvious problem. Yet, new research from the K-12 Cyber-Security Resource Center shows a disturbing upward trend in digital threat targeting school districts and educational authorities. In fact, since 2016, there have been 418 incidents that involve public schools, the equivalent of one every three days in the US, as seen below. 

In 2018 alone, these covered more than 38 states, and targeted more than 119 different agencies. Laws around disclosing information about cyber-crime differ from state to state, and so the real numbers are likely to be a lot higher. While some attacks are down to human error, or an attempt by students to ‘hack’ the system to obtain their grades or records, a frightening majority come down to a growing risk – phishing scams. 

In the map above, the blue pins show phishing attacks against schools which resulted in the disclosure of personal data. By impersonating legitimate school websites or social accounts, victims are tricked into giving away email addresses, financial information, and personally identifiable information that can be used for identity theft or fraud, or sold to eager criminals using the dark web. 

The Vulnerability of the Victims 

While all consumer phishing scams are cause for concern, educational institutions may be more at risk than the average sector. Firstly, many users will be children, who may be easily tricked into disclosing sensitive information, and less likely to notice or report something suspicious. In addition, teaching staff may not have a technical background, and schools or educational organizations are unlikely to have an IT department that is dedicated to cyber-crime intelligence or response.

Targeting Highly Sensitive Information

Another consideration is the type of information that attackers are getting their hands on when they target schools. Student data was found stolen in more than 60% of the 2018 attacks, which not only opens doors for identity theft and stolen credentials sold on the dark web, but is also against many federal and state regulations on student data privacy. From failure to adequately protect the identifiable information of minors, to financial crime that steals indirectly from tax payer dollars, the educational arena has its own unique challenges and therefore needs specific tools for its own protection. 

Taking the Problem Out of Your Hands Entirely 

The truth is, every industry will have their own weak points which need to be managed and considered, especially when fighting phishing scams, which are such a fast growing risk. If the threats are this serious in education, you can imagine how many attacks are happening in areas with even more sensitive or lucrative data, such as finance or e-commerce.  

To manage this growing threat, businesses need a cyber-security solution that can manage the problem from end to end. While some solutions will provide partial intelligence on potential threats that could become phishing scams, it is expensive to assign personnel to follow a suspect from preparation stages through to a live risk, especially when they will need technical expertise to block and take down an attack. 

Segasec has a perfect track record in handling the entire problem for organizations who want a smarter way to manage consumer phishing scams. From identifying the suspects and following the evolving threat, to automated block and take down of the live scam, and deception technology that confuses and diverts the attacker away from your network, every step of the attacker journey is uncovered and dealt with from start to finish. 

What’s more, whether we’re talking students or customers, your data is protected with the latest technological advances, confusing the attackers and diluting any information they manage to retrieve with millions of false records. This extra step gives you ultimate peace of mind that your sensitive data remains safe. 

Want to find out more about how Segasec can keep your organization safe? Get in touch for a live demo.