By Luke Payne
Over 300 Durham University emails were hacked and used for malicious purposes such as phishing emails over the past three years, a Freedom of Information request has revealed. Over the same period, almost 6,000 emails were reported to Durham’s phishing report email email@example.com.
In 2018/19, the number of hacked Durham email accounts was 250 but then fell sharply the following year to 53 accounts. As of February, only 17 Durham email accounts have been identified to have sent malicious emails this academic year.
This academic year has seen a sharp rise in emails reported for phishing activity. Up to February, 2,626 emails were reported for phishing activity this academic year, compared with only 1,613 and 1,696 emails over the full academic years of 2019/20 and 2018/19 respectively.
This year, Durham University introduced multi-factor authentication for its University accounts, to improve cyber security. The system requires verification via a smartphone when accessing emails and other University services using login credentials.
When asked about the implementation of multi-factor authentication and other cyber security measures, a University spokesperson said: “Phishing is a constant threat across all sectors and for private individuals. Multi-factor authentication is a key security measure for account security and is one of a number of measures in place or planned to enhance security.
“Many security measures exist in the background and are much less visible to staff and students than multi-factor authentication and it is not appropriate to publicise specific details of security measures, as this can reduce their effectiveness.
“In recent years, we have increased user awareness activities relating to common security threats, including guidance to staff and students, web content and specific, branded awareness campaigns.
“Awareness campaigns and provision of the ‘report message’ feature in Outlook have encouraged members of the University to report suspicious emails and made it easier and quicker for them to do so.
“It is likely that this has contributed to an increase in reports of phishing. However, the volume of phishing threats is an external factor outside of the University’s control and will vary with global trends. Security industry analysis indicates an overall increase in internet security threats during the Covid-19 pandemic, regardless of industry.”
Image: TheDigitalArtist via Pixabay