University of Westminster receives 200,000 malicious emails

The University of Westminster says it has successfully blocked ransomware and BEC attacks amidst a barrage of hostile emails

The University of Westminster has been targeted with nearly 20,000 malicious emails every month since October 2020, including phishing, business email compromise (BEC) and ransomware attacks, according to official figures.

The data was uncovered via the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of email attacks blocked from when the University began keeping records of attack data in October 2020 to December 2021, as well as the types of attack that were blocked.

In total, there were almost 290,000 email attacks blocked by the University of Westminster, during the reporting period, with spam attacks comprising 92 per cent of threats blocked.

The university neutralised over 1,100 phishing attacks each month, where a malicious actor sends fraudulent messages to trick victims into disclosing personal information.

The University of Westminster also disclosed that it successfully blocked 28 ransomware email attacks along with 394 business email compromise (BEC) attacks, where a cyber attacker infiltrates a company’s email system and poses as an employee, sending targeted attacks asking for money to company staff.

Virus and scam attacks accounted for a further 2,648 blocked attacks by the University, since they began taking record of malicious email types in 2020.

Tim Sadler, Co-Founder and CEO of Tessian, commented on the attack: "With so much valuable data - including the personal and financial details of staff and students, intellectual property and world-leading research - universities are a very attractive target for cybercriminals. It just takes one convincing phishing email to trick an employee or student into sharing their credentials or downloading an attachment that contains malware or ransomware, for the institution's security to be compromised. The problem is that so many new students and faculty staff each year, combined with the shift to remote learning during the pandemic, the opportunity for phishing attacks is ripe and the number of attacks is increasing. To tackle this rising threat, universities must ensure that staff and students are educated on threats they could receive and that processes are in place for victims to easily report incidents." 

Chris Ross, SVP International, Barracuda Networks, added: “The onslaught of email attacks continues to remain prevalent, as highlighted by our recent report showing that Covid test related email attacks have risen by 521% since October 2021. Fighting these attacks requires constant solutions and it is good to see organisations both recording and preventing email attacks.

“Malicious actors are finding new ways of infiltrating company systems and that requires staff to receive appropriate training to stay vigilant of potentially damaging attacks. Alongside training, email security utilising artificial intelligence is a solution which can help stop attacks at source, flagging unusual emails designed to bypass email protection.” 


Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security