← All newsletters

College/University Cyber Alert Special Bulletin — Security Alert July 2026
Feature · Mobile Account-Takeover Alert

It's Not If, But When

From Ann Arbor to San Diego, a wave of phishing texts, emails, and calls has turned student and faculty phones into the entry point for campus-wide breaches. These are real cases — and the question is no longer if your campus is next, but when.

Eighteen campuses, one phishing kit. From April to November 2025, one crew used the Evilginx toolkit to clone campus sign-in pages and steal the session cookies that defeat multi-factor authentication, hijacking student accounts even where MFA was switched on.

The University of Michigan ranked among the campaign's top five targets. Branded links sent by text and email funneled students to look-alike sign-on portals; one tap on a phone handed attackers a live session.

UC Santa Cruz and UC Santa Barbara topped the same target list; the University of San Diego was the first confirmed victim on April 12, 2025, and Virginia Commonwealth University rounded out the top five. On phones, shortened links hide the cues that tip off desktop users.

Harvard University fell to a phone-based vishing call in late 2025 that exposed alumni and donor systems. Smishing warnings at Montclair State and account-hijacking phishing at Cal State Long Beach prove every tier of higher ed is a target.

18universities hit in one phishing wave
70+fake campus login domains found
1M+records leaked in one Ivy breach
251ransomware hits on education, 2025

The Breach List Keeps Growing

The University of Pennsylvania was hit twice in autumn 2025. Attackers used social engineering to steal a single sign-on login that was exempt from MFA, then blasted an offensive email from official Penn addresses.

Princeton University lost an Advancement database in November 2025, spilling alumni, donor, and student contact details that fuel the next wave of targeted phishing texts.

1.4M patients

Texas Tech Univ. Health Sciences Center — SSNs, medical & financial data (2024)

870K people

Columbia University systems breached (2025)

3.49M individuals

University of Phoenix records compromised (2025)

And it scales: one supply-chain attack on the MOVEit file-transfer tool reached roughly 900 U.S. institutions through the National Student Clearinghouse.

Your Phone Is the Front Door

+224%rise in phishing aimed at universities (2024)
83%of phishing attacks now target mobile devices
6–10×more likely to fall for a text-message scam

The Shield: Zimperium Mobile Threat Defense

On-device AI detects zero-day threats with no cloud lookups — and keeps working offline.

Absolute on-device privacy: sensitive personal data never leaves the phone.

Stops phishing, malicious apps, and network and device attacks — all four threat vectors.

Recognized as a Leader in the Forrester Wave for mobile threat defense.

All information provided herein is non-confidential and is in the public domain and readily available to any interested party.