As the new academic year begins, Kaspersky has detected a wave of phishing webpages targeting college and university students as well as professors.
Attackers are deploying fake login portals that mimic official university websites, tricking users into entering credentials which can lead to stolen data or a complete loss of access to their university accounts. Links to these phishing portals are either distributed in emails or appear in web search results when looking for academic institutions’ login pages.
The fraudulent portals closely replicate the branding and design of legitimate university systems. Students of multiple academic institutions across different regions have been targeted, including META (the Middle East, Turkiye and Africa).
If users enter their credentials on these fake academic portals, cybercriminals can steal sensitive data such as login details which grant access to university accounts containing personal information, academic records, and financial data.
Attackers may also change the passwords, blocking students and professors from critical resources like course materials, email, or payment systems. Compromised accounts can be used to send phishing emails to peers, spreading the attack within university networks.
“Colleges and universities are vulnerable due to their reliance on digital platforms and the high volume of users accessing systems during the back-to-school rush.
These fake login portals can appear convincing, exploiting the trust that students and professors place in their university systems. We’re urging the academic community to stay vigilant and double check the web addresses of their educational institutions’ login pages to avoid losing data,” comments Olga Altukhova, Senior Web Content Analyst at Kaspersky.
To stay safe against education fraud, Kaspersky recommends the following.
• Enable multi-factor authentication (MFA): Activate MFA wherever possible, adding an extra layer of security to your online accounts. Use a reliable password manager that doesn’t just store your passwords but also generates one-time passwords for 2FA automatically.
• Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Premium.
• Stay skeptical: Exercise caution when encountering “too good to be true” offers, especially if they require payments or personal information upfront.
• Verify the source: Thoroughly research any scholarships, giveaways, or offers that come your way. Look for official contact details and confirm legitimacy before taking any action.
• Secure personal information: Avoid sharing sensitive data online unless you’re absolutely certain about the legitimacy of the request.
• Use trusted sources: Stick to official school websites, recognized scholarship platforms, and reputable retailers when making payments or providing personal information.
