Kaspersky has issued a warning about a new wave of phishing attacks aimed at universities and their communities as the academic year begins. According to the cybersecurity firm, attackers are setting up fraudulent login pages that closely resemble official university portals in order to steal student and faculty credentials.
The malicious sites are being spread through phishing emails and even appear in search engine results when users look for their institution’s login page. Once a victim enters their credentials, attackers gain access to sensitive information such as academic records, financial details, and personal data stored within university accounts. In some cases, passwords are changed, locking students or staff out of essential services including course materials, email, and payment systems.
The threat is not limited to one region. Kaspersky reports that institutions across multiple areas, including the Middle East, Turkey, and Africa (META), have been targeted. Compromised accounts are also being used to send additional phishing messages to peers, increasing the spread of the campaign within academic networks.
The fake portals are designed to mirror legitimate university systems, using copied branding and familiar layouts to convince users that they are logging in securely. This kind of impersonation attack is particularly effective at the start of an academic term, when large numbers of students and professors are trying to access online resources.
Kaspersky advises users to remain cautious by verifying URLs before entering credentials, accessing university sites through official channels, and enabling multi-factor authentication wherever possible. Universities, in turn, are encouraged to raise awareness among students and staff, and to strengthen monitoring systems that can detect and block suspicious login attempts.
