Google Warns of Phishing Attacks on Higher Education Institutions

Google and Mandiant warn of rising phishing attacks on U.S. higher education, exploiting academic schedules and institutional trust since August 2024.

All about the attack

These phishing attacks, active since at least October 2022, have targeted thousands of users each month. Attackers strategically time their campaigns around critical academic events, such as the start of the school year and financial aid deadlines, exploiting the urgency and trust associated with these periods.

Tactics include hosting fraudulent Google Forms on compromised university domains to harvest login credentials and cloning university login portals to redirect payments. These methods deceive students, faculty, and staff into unknowingly providing sensitive financial and personal information.

One campaign used phishing emails to direct victims to fake Google Forms mimicking university communications, tricking users into entering login credentials or financial details. While many forms were removed, attackers continue to reuse compromised platforms.

Another tactic involved cloning university login pages and hosting them on attacker-controlled sites, using JavaScript-based redirects to evade detection. Some attacks redirected financial aid or payroll funds to attacker accounts.

A third campaign targeted faculty and staff with phishing emails promising salary increases or bonuses in exchange for login credentials.

After compromising accounts, attackers sent phishing forms to students, posing as job offers to steal personal and financial data.

Impact and Mitigation

Phishing attacks cause financial losses, reputational harm, and operational disruptions for educational institutions. To mitigate these risks, Google advises:

• Enable Multi-Factor Authentication (MFA): Adds a layer of security to prevent unauthorized access.
• Employee Training: Educates staff on spotting phishing attempts and fraudulent financial requests.
• Advanced Email Security: Uses tools to detect domain anomalies and malicious patterns.
• Payment Verification Protocols: Implements strict checks for payment detail changes.
• Incident Response Plans: Establishes strategies for breach containment and law enforcement collaboration.

Google’s Workspace Trust and Safety team continues to monitor these threats, urging institutions to stay vigilant and adopt proactive security measures.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!