Out of the 100 schools surveyed, almost half are vulnerable to email fraud and domain spoofing

Sydney, Australia – 2 May 2023 – Proofpoint, Inc., a leading cybersecurity and compliance company, today announced that over 85,000 private school students and staff in Australia are vulnerable to email-based phishing attacks. Proofpoint’s analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption amongst Australia’s 100 largest independent schools by enrolment size found that 42% lack the most basic email protection. These schools fail to take appropriate measures to proactively block attackers from spoofing their email domains, substantially increasing the risk of email fraud.

The analysis arrives on the heels of Proofpoint’s recent State of the Phish 2023 report, which found that nine in 10 Australian organisations (90%) experienced at least one successful email-based phishing attack in 2022, with almost half (48%) reporting direct financial losses.

“No matter their size or number of students enrolled, schools remain an attractive target for scammers due to the large and diverse amount of data they store,” said Steve Moros, senior director, advanced technology group, Asia Pacific and Japan, Proofpoint. “From sensitive information such as addresses, contact details, medical records, bank and credit card information to employee information such as tax file numbers, cyber criminals will stop at nothing to obtain all data withheld inside a school system.”

Cybercriminals also see schools as being easy targets due to their lack of cyber specialists and the high probability that students will fall for phishing scams. Cyber criminals exploit this well-known fact to extract personal information from students and staff by using luring techniques and disguising emails as messages from the school IT department or administration, often directing users to fake landing pages to harvest credentials. Email authentication protocols like DMARC are the best way to prevent email fraud and protect students, faculty, and alumni from malicious attacks.

“As keepers of vast amounts of sensitive and critical data, schools across Australia must ensure that they have the strictest level of DMARC protocol in place to protect students and faculty within their networks,” added Moros. “It’s incredibly concerning to see that only 9 out of the 100 schools analysed are protected from being impersonated by cybercriminals, especially following one of the biggest years for scams and data breaches in the nation’s history. Only when these schools start shoring up their cybersecurity defences will they ensure that malicious emails can’t compromise their data,” concluded Moros.

What is DMARC?

DMARC is an open email authentication protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing the message to reach its intended recipient. Organisations using a DMARC protocol can implement three levels of policy for unqualified emails attempting to spoof their domains:

1. Monitor (allows unqualified emails to go to the recipient's inbox or other folders).
2. Quarantine (directs unqualified emails to go to the junk or spam folder).
3. Reject (highest level of protection - blocks unqualified emails from getting to the recipient).

The full findings of Proofpoint's DMARC analysis of the 100 largest independent schools show:

• 91% of schools currently do not enforce the recommended strictest level of DMARC, while 42% of schools do not have any DMARC record and are wide open to email fraud and domain spoofing attacks.
• 58% of schools implement some form of DMARC , yet the DMARC policy levels employed vary as follows:
  • 9% use DMARC – Reject (the highest level of protection)
  • 11% use DMARC – Quarantine
  • 38% use DMARC – Monitor

Below are some cyber best practices for students, staff, and other stakeholders:

• Check the validity of all email communication and be aware of potentially fraudulent emails impersonating education bodies.
• Be cautious of any communication attempts that request log-in credentials or threaten to suspend service or an account if a link isn’t clicked.
• Follow best practices when it comes to password hygiene, including using strong passwords, changing them frequently and never re-using them across multiple accounts.

This analysis was conducted in April 2023 using data from the Australian Curriculum, Assessment and Reporting Authority (ACARA).

###

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available

at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.