
Compromising Campus Accounts: Attackers Harvest Credentials and Duo OTPs for Account Takeover

A phishing campaign targets universities, stealing credentials and Duo OTPs for real-time account takeover. Learn how it works and how to stop it.

Key Insights

Phishing kits capture both login credentials and Duo OTPs in real time, enabling immediate account takeover before victims detect the attack.

Attackers impersonate legitimate university authentication portals with high precision to bypass institutional defenses and user suspicion.

Compromised campus accounts are weaponized for lateral phishing campaigns and payroll fraud after initial access is gained.

Adversaries create malicious mailbox rules post-compromise to exfiltrate data and maintain persistent access to victim accounts.

The campaign exploits legitimate compromised accounts as sending infrastructure, increasing email credibility and evading detection.

A sophisticated phishing campaign is targeting universities and colleges, exploiting legitimate compromised accounts and familiar institutional lures to bypass defenses and deceive students, faculty, and staff.

The attackers send carefully crafted emails directing recipients to fraudulent university portals impersonating legitimate authentication systems with alarming precision. Purpose-built phishing kits seamlessly capture both login credentials and Duo one-time passcodes, enabling real-time account takeover. Once inside, adversaries create malicious mailbox rules, exfiltrate data, and launch lateral phishing campaigns.

Our threat intelligence report, Compromising Campus Accounts: How Attackers Harvest Credentials and Duo OTPs for Account Takeover, uncovers how this campaign evolved, why it’s so effective, and how security leaders can stop it.

Download the Threat Intelligence Report to:

  • Understand how attackers combine credential theft and OTP capture to execute real-time account takeovers

  • See how phishing kits perfectly mimic university login systems to bypass suspicion

  • Learn how attackers use compromised academic accounts for lateral phishing and payroll fraud

  • Discover actionable defenses to stop these attacks before they succeed


Fill out the form to get your copy today.

Earn ISC2 CPE (1 credit)

This resource is ISC2 CPE eligible. Submit the credit form to claim your continuing-education credits.
