Education At Risk: Students Targeted By Malware Attacks
By: Jim Stickley and Tina Davis
October 30, 2019
Research by Kaspersky Lab shows bad actors have successfully infiltrated online education materials. The study found that last academic year, over 350,000 students were targeted by scammers looking to install malware. The range of malware infections includes banking Trojans, adware, spyware, and ransomware. Hackers use inexpensive textbooks and essays as bait for unsuspecting students wanting to save on education materials. Email phishing scams targeting those in education are also rampant. Kaspersky Lab results show that each academic semester presents massive opportunities for those taking advantage of students from grade school to higher learning.
The study found 233,000 of the 350,000 affected involved malicious essays that were downloaded by 74,000 users. It also finds that one-third of the malicious attacks involved textbook lures. There were 122,000 malware attacks disguised as textbooks and over 30,000 users tried to open them. Kaspersky finds those “Free Download” buttons are anything but. The only thing “free” is the malware and users are none-the-wiser. Among the most abused topics, English textbooks were the most popular scam, with 2,080 of K-12 students trying the bogus download. Math came in second with 1,213 infected devices and literature rounds out the top three with 870 victims.
Email phishing scams also present their own challenge to safe downloads. According to the report, a malware worm called Stalk is doing the most damage. Using email spam to proliferate, once Stalk invades a computer it spreads malware to all other connected devices. Those devices could include an entire school network. Stalk steals infected user email contacts and sends emails appearing to be from the user. Students assume the email message is safe since it’s from someone they know. However, as we’ve learned, knowing the sender’s name doesn’t always guarantee the messages is safe or legitimate. Then, they open the malicious attachment and get infected. At this point, Stalk simply repeats its efforts and installs malware, growing exponentially among trusting students. Keeping safe from education malware involves anti-phishing smarts and a secure approach to downloading malicious textbooks and essays.
- Always check a link before clicking. Hover over the URL and look carefully for anything suspicious like misspellings and odd characters. Note where the link is going to take you. If it is at all suspicious, don’t click it.
- Be suspicious of links and attachments. Even if an email appears to be from a trusted friend, remember they too can be hacked and bad actors can send infected emails in their name. If you’re not expecting it, confirm with the sender independently of replying to the email.
- Avoid using public Wi-Fi. Fake web pages are abundant and they love using open Wi-Fi. Consider a VPN (Virtual Private Network) for secure online travel.
- Always pay attention to the site hosting textbook and essay sales. Go to legitimate sources with good reviews for purchases.
- Be aware of file extensions used with downloads. If it’s an .EXE file extension, don’t open it. Books and essays should be in a format such as .PDF.
- Make sure you’re using updated operating systems and apps. Always apply updates as soon as they are available.