A large number of universities, including Standford University and the University of Oxford, are suffering from cyber attacks in which their email accounts are hijacked. Once hijacked the emails accounts are then used to trick the victims into exposing their email credentials and even installing malware.
CEO and co-founder of INKY, Dave Bagget, said that there are no signs of how the emails accounts are being compromised. However, he believes that the victims of the attacks fell for a credential-harvesting scheme. Inky researched said that “a student may never change an originally assigned password, or may share it with a friend or friends.” The researchers also said that “a professor may give a student the password to an account for a particular project and never change it when the project is done. Hackers tapping around find these carelessly handled accounts, take them over, and change the passwords themselves, locking out the original owner.” University students are especially susceptible to hacks due to their poor password keeping habits.