A sophisticated phishing campaign is targeting universities and colleges, exploiting legitimate compromised accounts and familiar institutional lures to bypass defenses and deceive students, faculty, and staff.

The attackers send carefully crafted emails directing recipients to fraudulent university portals impersonating legitimate authentication systems with alarming precision. Purpose-built phishing kits seamlessly capture both login credentials and Duo one-time passcodes, enabling real-time account takeover. Once inside, adversaries create malicious mailbox rules, exfiltrate data, and launch lateral phishing campaigns.

Our threat intelligence report, Compromising Campus Accounts: How Attackers Harvest Credentials and Duo OTPs for Account Takeover, uncovers how this campaign evolved, why it’s so effective, and how security leaders can stop it.

Download the Threat Intelligence Report to:

• Understand how attackers combine credential theft and OTP capture to execute real-time account takeovers

• See how phishing kits perfectly mimic university login systems to bypass suspicion

• Learn how attackers use compromised academic accounts for lateral phishing and payroll fraud

• Discover actionable defenses to stop these attacks before they succeed