The Student Loans Company (SLC) was hit by over five million email attacks last year, but appears to have weathered the cyber-storm from hackers.
A Freedom of Information (FOI) request issued by law firm Griffin Law revealed the scale and nature of the email threat to the government-owned public body, which provides funding for over 1.3 million UK students.
A total of 5,445,273 email attacks were recorded by the SLC last year, 10,125 of which were linked to malware, and 19,188 of which were phishing attempts. The vast majority, 5,415,960, were classified as spam.
Although the data does not list any successful email attacks, the scale of the threat is clear from the figures. In fact, data from security vendor Trend Micro issued recently revealed that the firm blocked nearly 48 billion email-borne threats in 2019, 91% of the total it detected during the 12 months.
Tim Sadler, CEO at Tessian, argued that the SLC was understandably a major target for cyber-criminals given the vast trove of personal and financial information it holds on UK students.
“Phishing attacks are particularly effective because they are relatively easy and inexpensive to execute — it just takes one employee to fall for the scam and the attacker can steal money, harvest credentials or install malware onto devices,” he explained.
"In the case of SLC, it's likely that hackers will impersonate a trusted brand or individual to lure individuals to fake websites in order to steal their login credentials. With these credentials, attackers can then access an individual's account and send emails on their behalf.”
If they’re able to hijack an SLC account, hackers could pose as an employee to make phishing emails to students appear even more convincing, Sadler added.
A mixture of improved employee awareness training and technology filters that can better spot malicious and spoofed emails is the key to tackling such threats.