“Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation and universities are no exception to this. “Ahead of A-Level results day, student applicants must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on their future.” The increased threat posed by hackers has led the government to act in recent years, most notably forming the National Cyber Security Centre in 2016. A recent report by cybersecurity firm Proofpoint has revealed that the vast majority of the UK’s universities, including Oxford, have failed to take recommended precautionary steps to protect students from crime online, and this particularly threatens new students around results day. “Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. “Proofpoint researchers found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 percent to 40 attacks per organisation on average. Only one in twenty of the universities surveyed was using the recommended level of DMARC (Domain-based Message Authentication, Reporting and Conformance) protection, with 30% using some form of the tool below the recommended level and the rest using no DMARC protection at all. Kevin Epstein, vice-president of threat operations, said: ”By not implementing simple, yet effective email authentication best practices, Universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data. However, Proofpoint’s report suggests that the same could not be said of many universities. A response from the National Cyber Security Centre emphasised how closely it was working with universities and other public bodies. A spokesperson for the Centre said, “NCSC experts work closely with the academic sector to improve their security practices and help protect education establishments from cyber threats”.