---
title: "Rising Phishing Attacks On Schools And Colleges As Online Education Becomes More Prevalent Than Ever | Phish Protection"
description: "As online education has become more prevalent than ever, schools and colleges face tremendous challenges due to COVID-19."
image: "https://phishprotection.com/og/blog/rising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever.png"
canonical: "https://phishprotection.com/blog/rising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever/"
---

Quick Answer

As online education has become more prevalent than ever, schools and colleges face tremendous challenges due to COVID-19\. There is growing uncertainty on the revival of regular classes for students. Many educational institutions have resorted to online education as an alternative. However, online education comes with its disadvantages. \_Cyber adversaries now have one more sector to target\_. By the looks of it, schools and colleges have become easy targets for these malicious actors. Let us discuss why it is so

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Frising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Rising%20Phishing%20Attacks%20On%20Schools%20And%20Colleges%20As%20Online%20Education%20Becomes%20More%20Prevalent%20Than%20Ever&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Frising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Frising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Frising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever%2F&title=Rising%20Phishing%20Attacks%20On%20Schools%20And%20Colleges%20As%20Online%20Education%20Becomes%20More%20Prevalent%20Than%20Ever "Share on Reddit") [ ](mailto:?subject=Rising%20Phishing%20Attacks%20On%20Schools%20And%20Colleges%20As%20Online%20Education%20Becomes%20More%20Prevalent%20Than%20Ever&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Frising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-6715.jpg) 

As online education has become more prevalent than ever, schools and colleges face tremendous challenges due to COVID-19\. There is growing uncertainty on the revival of regular classes for students. Many educational institutions have resorted to online education as an alternative. However, online education comes with its disadvantages. _Cyber adversaries now have one more sector to target_. By the looks of it, schools and colleges have become easy targets for these malicious actors. Let us discuss why it is so and _how to avoid the threat_.

### Why Are Educational Institutions Vulnerable To Cyberattacks?

Here are some reasons why the education sector is **vulnerable to attacks** from malicious actors.

#### Lack of cybersecurity awareness

_Educational institutions are not as active on online platforms as other business entities_. Hence, it is natural for them to have **lower levels of cybersecurity** awareness. Besides, cybersecurity preparedness levels are also not much high, as they do not require as much cybersecurity as, say, a bank.

#### Forced to do something different

With COVID-19 bringing a halt to all educational activities, schools and colleges have been forced to conduct classes online. An educational institution that has been primarily conducting offline classroom lectures will find it challenging to shift to the online mode at short notice. It takes time for teachers and other staff members to understand the significance of maintaining **watertight cybersecurity**.

#### Low levels of cybersecurity

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-6715.jpg) 

As [cybersecurity awareness](/products/phishing-awareness-training/) levels are lower, the chances of schools and colleges becoming targets of **phishing attacks** are more. Malicious actors find such institution networks a soft target that they can attack and seize control of quickly. Thus, _there has been a deluge of phishing attacks on schools and colleges during the initial three to four months of the academic calendar._

#### Lack of dedicated servers

Educational institutions do not have **robust email servers** for sending and receiving emails. Most of them started off using freeware ones, such as Gmail servers. The malicious actors also use these Gmail servers to launch their phishing attacks. _An analysis of the BEC attacks on educational institutions showed that the malicious actors used Gmail accounts in a majority of the attacks_.

### Why And How Malicious Actors Use Gmail

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

[Gmail is popular](https://www.techrepublic.com/article/how-phishing-attacks-are-targeting-schools-and-colleges/) among cyber adversaries as it is free and has an easy registration process. Besides, Gmail has a good reputation. They used email addresses like [boardofdirectors12345@gmail.com](mailto:boardofdirectors12345@gmail.com), [headofdepartment900@gmail.com](mailto:headofdepartment900@gmail.com), and other similar ones to unleash the attacks. These addresses appear legitimate because they seem to be educational titles. However, they are not.

Besides, any subject or tagline containing COVID-19 themes such as ‘COVID updates’ and ‘COVID Follow up,’ quickly capture attention. Unsuspecting victims open these emails out of curiosity and naively click on the malicious links or download compromising attachments.

### Tips To Stay Protected From Cyber Attacks

We have discussed how and why educational institutions **fall prey to cyberattacks**. Here are the steps they can take to [protect themselves](https://edtechmagazine.com/k12/article/2020/08/how-protect-school-systems-ransomware-attacks-perfcon) against cybercrime incidents.

#### Equip yourself against cyberattacks

While it is admitted that _educational institutions do not have the same cybersecurity level as other corporate entities_, there is nothing to prevent these schools and colleges from equipping themselves to prevent cyberattacks like phishing. The educational institutions should **prioritize email security** that leverages AI for identifying unusual senders and requests. Thus, they can protect the staff and students from incidents of **spear phishing**.

#### Invest in takeover protection

Compared to the average business entity, _educational institutions are more susceptible to an account takeover_. Most schools and colleges do not have the requisite tools and resources to protect themselves against such threats. Investing in the appropriate technology can help identify suspicious network activity and look out for account takeover signs.

#### Improve the cybersecurity awareness levels

In educational institutions’ case, the employees, teaching staff, and students are generally the first line of attack for malicious actors. Schools should convert this vulnerability into a strength by **educating the staff** and students to recognize cyberattacks, understand the fraud behind it, and report such incidents immediately. Cybersecurity [awareness training](/products/phishing-awareness-training/) is of paramount importance.

#### Beef up internal policies to prevent wire transfer fraud

In these Pandemic times, educational institutions are forced to use the online mode for accepting fees, making payments and salaries, and other expenses. Therefore, it makes sense to _strengthen internal policies to prevent wire transfer fraud_. It can also help to reduce insider threats. The system should be such that every financial transaction should have two-factor authentication and approval from multiple authorities.

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-solutions-6713.jpg) 

While most schools and colleges have started conducting online classes, _they have not upgraded their cybersecurity strategies_. As a result, malicious actors find such educational institutions soft targets for an attack. It explains the unusually large number of **phishing attacks** on schools and colleges in recent times. It is high time that the educational sector recognized it and developed [stringent cybersecurity policies](https://www.expresscomputer.in/news/importance-of-stringent-cyber-security-measures-for-smes/30506/) to protect the institutions from such malicious attacks.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Rising Phishing Attacks On Schools And Colleges As Online Education Becomes More Prevalent Than Ever","description":"As online education has become more prevalent than ever, schools and colleges face tremendous challenges due to COVID-19.","url":"https://phishprotection.com/blog/rising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever/","datePublished":"2020-11-09T10:05:38.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-11-09T10:05:38.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/rising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever/"},"articleSection":"foundational","keywords":"Phishing","wordCount":828,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-6715.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Rising Phishing Attacks On Schools And Colleges As Online Education Becomes More Prevalent Than Ever","item":"https://phishprotection.com/blog/rising-phishing-attacks-on-schools-and-colleges-as-online-education-becomes-more-prevalent-than-ever/"}]}
```