What happened
Harvard warned affiliates of an active cyberattack in which threat actors are impersonating university IT staff to gain access to accounts and sensitive data. In a Friday message, the university said the attackers are contacting affiliates directly, often urging them to join live phone calls or visit fraudulent websites designed to mimic official Harvard pages. Harvard Chief Information Security and Data Privacy Officer Michael Tran Duff described the activity as “an active and specific cybersecurity threat” and urged recipients to remain on high alert. He warned affiliates not to engage with unsolicited messages claiming to be from Harvard IT, not to install software or run commands at a caller’s direction, and not to log into unfamiliar websites. The university also said legitimate Harvard websites will always end in “.edu.”
Who is affected
The direct exposure affects Harvard affiliates who may be contacted by attackers posing as university IT staff. The campaign is aimed at stealing login credentials and gaining access to accounts and sensitive data through fake calls and fraudulent websites.
Why CISOs should care
This incident matters because it involves targeted social engineering that relies on trusted institutional branding rather than software exploitation. It also shows how phone calls, fake support interactions, and spoofed login pages can be combined to pressure users into giving up credentials or following attacker instructions in real time.
3 practical actions
- Reinforce trusted-channel verification: Make sure users verify IT outreach through known institutional channels before joining calls, entering credentials, installing software, or running commands.
- Treat live-call social engineering as a priority risk: Update awareness and response procedures to cover attacker-led phone calls and fake support interactions, not just phishing emails.
- Escalate suspected targeting immediately: Encourage rapid internal reporting because the university said quick response can make a meaningful difference in limiting impact.
