Spear phishing is a personalised phishing attack that targets a specific organisation or individual.
Educational institutions are more than twice as vulnerable to a carefully-crafted business email compromise (BEC) attack than an average organisation, said the report by Barracuda Networks, a leading provider of cloud-enabled security solutions.
Using this form of attack, threat actors have taken hold of schools, resulting in devastating losses.
While the scale of attacks dropped by 10-14 per cent during July and August, the number substantially picked up in September, said the report.
"While online teaching and learning is a crucial part of the new normal, it is also important for students and teachers to act mindfully before, during and post the online classes," Murali Urs, Country Manager-India, Barracuda Networks, said in a statement.
"Neither every system has an updated antivirus protection, nor everyone is aware of how to respond to these attacks. Investing in the right cybersecurity solutions along with gaining proper knowledge on prevention methods is, therefore, the need of the hour."
The researchers also highlighted the advent of two more common types of attacks: email scams and service impersonation, against schools between July and September.
The report also revealed that Gmail accounts were the primary medium for cybercriminals to launch the aforementioned attacks - accounting for 86 per cent of all BEC attacks on the education sector.
Cybercriminals prefer to use well-known email providers like Gmail because they are free, easy to register, and have a higher reputation in the market.
They customised malicious email addresses using terms like ‘principal', ‘head of department', ‘school', and ‘president' to make them look realistic.
In fact, attackers even used convincing subject lines to quickly grab the victim's attention and thus create a sense of urgency.
Some of them include COVID-19 New Updates, COVID-19 School Meeting, COVID-19 Update, and Follow Up Right Now, among others, said the report.