Harvard University is warning its community that con artists are actively posing as Harvard IT staff in a coordinated push to steal login credentials and other sensitive data. The scheme mixes real-time phone calls with convincing look-alike websites and can feature callers asking people to install software or run commands on their devices at the caller's direction, as per The Harvard Crimson.
Harvard's warning
Chief Information Security and Data Privacy Officer Michael Tran Duff told affiliates the campaign amounts to “an active and specific cybersecurity threat” and urged everyone to stay on “high alert” and ignore any unsolicited messages that claim to come from Harvard IT. He also reminded recipients not to sign in to unfamiliar sites and noted that legitimate Harvard websites will always end in “.edu,” according to The Harvard Crimson.
How the scam works
The attackers are leaning on voice-based social engineering, commonly called vishing, to pressure people into handing over passwords or installing remote-access tools. Federal guidance notes that these calls increasingly rely on spoofed caller ID and highly convincing voice tactics, so security officials advise hanging up and reporting any suspicious caller instead of following their instructions, according to the United States Postal Inspection Service.
Where this fits into the bigger wave
The latest alert lands on top of a recent string of hits against higher education and corporate systems. The extortion group Clop previously listed Harvard on a leak site after an alleged exploitation of Oracle E-Business Suite software, and a phone-based phishing incident last November exposed donor and contact information in the university’s alumni systems, according to BleepingComputer and reporting by The Boston Globe.
What affiliates should do now
Harvard is asking anyone who thinks they were targeted to report it right away and to refuse to log in to any site or install any software at a caller’s request. The university’s incident page lists [email protected] and a response line at 1-833-556-4315 for questions and reporting, and stresses that quick reporting helps limit the damage, according to Harvard University Information Technology. Victims can also file complaints with the FBI’s Internet Crime Complaint Center at IC3 or with the Federal Trade Commission at ReportFraud.ftc.gov, and security officials recommend preserving message headers and avoiding any follow-up contact with suspicious callers.
Why minutes matter
“Mere minutes can make the difference in Harvard’s ability to protect you and the University,” Duff wrote, underscoring the request that affiliates report even brief or seemingly minor suspicious contacts as soon as they happen, according to The Harvard Crimson.
