Harvard Issues Alert Over Sophisticated IT Staff Impersonation Scam
University officials and security experts warn of a high-fidelity social engineering campaign targeting Ivy League credentials and sensitive data.
- By Jesse Jacobs
- April 08, 2026
Harvard University issued an emergency alert to students and faculty, warning of an active cybersecurity threat in which attackers impersonate university IT staff to hijack user accounts.
The ongoing campaign utilizes direct contact through phone calls and phishing links. According to a message sent to university affiliates, threat actors are directing individuals to fraudulent websites designed to mirror official Harvard login portals to steal credentials or install malicious software.
Michael Tran Duff, Harvard’s chief information security and data privacy officer, characterized the activity as a "specific cybersecurity threat" and urged the community to remain on high alert. University officials noted that legitimate Harvard websites will always end in the ".edu" domain.
The alert follows a report by Crimson staff writers Sebastian B. Connolly and Summer E. Rose, which noted that Harvard affiliates were urged not to execute commands or install software at the direction of unsolicited callers.
While Harvard has not confirmed the number of compromised accounts, the incident mirrors a broader trend of "vishing" (voice phishing) targeting higher education. Similar attacks were recently reported at the University of Pennsylvania’s Annenberg School, University College London and the University of Victoria.
Industry experts suggest the sophistication of these attacks renders traditional security training less effective.
"The speed of these attacks, often reaching full account takeover in under a minute, proves that legacy security awareness training is an insufficient defense," said Damon Small, a member of the board of directors at Xcape, Inc. Small noted that attackers are using remote support tools and "typosquatted" portals to bypass standard multi-factor authentication.
This incident marks the third significant security challenge for the university in the past year, following a breach claimed by the Clop cybercrime group in September and a phishing attack on the Alumni Affairs and Development Office in November.
Denis Calderone, CTO of Suzu Labs, noted that Harvard's $50 billion endowment makes it a primary target for groups seeking high-value donor databases and intellectual property.
"A donor database is full of the wealthiest, most influential people on the planet," Calderone said. He recommended that universities implement strict network segmentation to ensure that a compromised student or alumni credential cannot grant access to core institutional research or financial systems.
Harvard University Information Technology spokespeople have declined to comment further on the ongoing investigation.