Harvard is monitoring an ongoing cybersecurity threat involving individuals impersonating University information technology staff to gain access to accounts and sensitive data, according to a Friday afternoon message to affiliates.
The attackers are contacting affiliates directly — often urging them to join live phone calls or directing them to fraudulent websites designed to mimic official Harvard pages — in an attempt to steal login credentials, according to the email.
Harvard Chief Information Security and Data Privacy Officer Michael Tran Duff wrote that the scam represents “an active and specific cybersecurity threat,” urging affiliates to remain on “high alert.”
Duff cautioned recipients not to engage with unsolicited communications claiming to be from “Harvard IT,” and warned against logging into unfamiliar websites, installing software, or executing commands at a caller’s direction. Legitimate Harvard websites, he noted, will always end in “.edu.”
The alert comes amid a broader wave of similar attacks at peer institutions. On Thursday, officials at the University of Pennsylvania’s Annenberg School warned affiliates of nearly identical “advanced social engineering attacks” involving impersonation and fake university websites.
Harvard’s Friday warning follows a series of recent cybersecurity incidents at the University.
In September, Clop — a Russian-speaking cybercrime group known for exploiting software vulnerabilities and extorting organizations by threatening to publish stolen data — claimed it had breached Harvard through a flaw in Oracle’s E-Business Suite and planned to release the information on its leak site.
Two months later, a phone-based phishing attack allowed an unauthorized user to access donor and contact information from Harvard’s Alumni Affairs and Development Office.
Duff wrote that affiliates who believe they may have been targeted to report the incident immediately, emphasizing the importance of a rapid response.
“Mere minutes can make the difference in Harvard’s ability to protect you and the University,” he wrote.
A spokesperson for Harvard University Information Technology declined to comment. University spokespeople did not immediately respond to a request for comment.
—Staff writer Sebastian B. Connolly can be reached at [email protected] or on Signal @sbc.23. Follow him on X @SebastianC4784.
—Staff writer Summer E. Rose can be reached at [email protected] or on Signal @ser.85. Follow her on X @summerellenrose.
