University Email Scams

Cybercriminals are spoofing university email addresses and tricking students into giving them their login credentials.

Once a student officially signs up with a college or University they are given their very own school email address. These email addresses use the University’s domain name and usually have some variation of firstname@harvard.edu.Cybercriminals know that everyone has the same variation email at one school so it’s easy for them to hack into student’s accounts.

In this scam, cybercriminals will gain access to the student’s email and then will send a phishing email from the stolen email address. Since this stolen email address comes from the university’s domain it looks more legitimate to the receiver. In this phishing email, the wording states that some emails are being blocked from your inbox and in order receive them you need to click on the link. The link goes to a spoofed login page and if you login with your credentials they go straight to the cybercriminals who then can use that login information.


  • Never click on an email that you weren’t expecting.
  • If you get an email or notification about an account issue make sure to log into the trusted website on a different browser to see if it is legitimate.
  • Be cautious of any email. If an email looks like it comes from a trusted source it could still be fake.
  • Always look for red flags in an email.

Learn more tips like this and train your employees with our Security Awareness Training Program.