2020 has been a crazy year for everyone – including higher education institutions. While the world scrambled to keep health care systems afloat AND hold on to flailing economies over the summer, universities and colleges dealt with a different challenge – taking an extremely social experience, the education system, and putting it online. There’s no doubt that online learning saves facility expenses and time, but it has made Higher Ed institutions – and their students and staff – much more vulnerable to cyber attacks. University systems and networks need to be accessible to students from home, and in a time when online study life and online personal life merge, students may very well be putting the institution’s systems at risk as well.

Researchers have spotted numerous email hijacking campaigns from over a dozen different universities since the beginning of the year, including notable institutions such as University of Oxford, Purdue University, and Stanford University. In these campaigns, cybercriminals hack legitimate university email accounts, and then deploy malicious email campaigns using the accounts – hoping to trick victims in to downloading malware or handing over their credentials. Statistics on the number of phishing emails detected in the campaigns to-date shows hijacked Purdue University accounts to be the largest distributors of phishing emails.


(Picture credit: INKY)                                                             

Hijacking campaigns are especially evasive since they're able to bypass spam and malware email filtering. As opposed to fake, made-up “university email addresses”, or university typosquat address attempts, these emails are being sent from university domains and through university servers, so they are able to bypass filtering and authentication mechanisms such as Sender Policy Framework (SPF) and DMARC (Domain-based Message Authentication, Reporting & Conformance), easily reaching victim inboxes. Some of the spotted campaigns included links leading to phishing websites, while others included malicious attachments with malware downloads.

University email hijacking is becoming a thing, and higher education institutions should be on the lookout for compromised accounts in their organization. Aside from the reported campaigns, it is still unknown if similar campaigns are running in numerous other higher education institutions. We strongly recommend enforcing cybersecurity training and awareness inside the organization, as well as using a security solution that ensures reliable protection from this type of attack.