In recent attacks, cybercriminals gain access to university students’ email accounts so they can use them for their own malicious purposes.
Most universities provide students with email addresses from the university’s official domain. For example, a student’s email address could be firstname[at]harvard[dot]edu. Since these email addresses use real university domains, cybercriminals try to gain access to student email accounts so they can use them for their own malicious purposes.
To start the scam, cybercriminals use social engineering to gain access to a student’s email account. If they are successful, the cybercriminals will send you a phishing email from the stolen email address. The university email address makes the email appear more legitimate. The email states that some messages are being blocked from your inbox and provides a link to a spoofed login page. If you click this link and enter your login credentials, cybercriminals can use your login credentials to access your sensitive information.
Don’t let a university email scam trick you. Follow the tips below to keep your sensitive information safe:
- Even if the sender’s email address is from a trusted domain, the email could be fake. Cybercriminals can gain access to trusted domains to make their scams more believable.
- When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
- Never click a link in an email that you aren’t expecting. If the email claims that you have an account issue, log in to the organization’s website directly to verify the claim.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.