Most universities provide students with email addresses from the university’s official domain. For example, a student’s email address could be firstname[at]harvard[dot]edu. Since these email addresses use real university domains, cybercriminals try to gain access to student email accounts so they can use them for their own malicious purposes.
To start the scam, cybercriminals use social engineering to gain access to a student’s email account. If they are successful, the cybercriminals will send you a phishing email from the stolen email address. The university email address makes the email appear more legitimate. The email states that some messages are being blocked from your inbox and provides a link to a spoofed login page. If you click this link and enter your login credentials, cybercriminals can use your login credentials to access your sensitive information.
Don’t let a university email scam trick you. Follow the tips below to keep your sensitive information safe:
- Even if the sender’s email address is from a trusted domain, the email could be fake. Cybercriminals can gain access to trusted domains to make their scams more believable.
- When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
Never click a link in an email that you aren’t expecting. If the email claims that you have an account issue, log in to the organization’s website directly to verify the claim.
Stop, Look, and Think. Don’t be fooled.
Protect your network! Learn more about security awareness training for your team.