Hunter College

Hunter College, located in the United States, was among multiple universities whose legitimate email accounts were compromised in a coordinated phishing and malware campaign disclosed on October 29, 2020. Attackers used these hijacked accounts to distribute fraudulent emails that masqueraded as system alerts or missed-call notifications. These messages directed recipients to credential-harvesting websites or contained malicious attachments designed to infiltrate victim systems. The initial compromise of the accounts likely stemmed from weak password practices, shared user access, or misconfigured email servers that permitted unauthorized message relay. By leveraging the trusted status of academic email domains, the attackers successfully evaded standard email authentication protocols including SPF and DMARC, thereby bypassing institutional security filters. This incident demonstrated a strategic exploitation of the education sector's email infrastructure to amplify the credibility of phishing attempts against external targets.

The campaign specifically targeted the inherent trust associated with academic domains, using Hunter College's compromised accounts as a vector to deceive recipients outside the institution. This activity occurred against the backdrop of the COVID-19 pandemic, during which the rapid expansion of remote learning across educational institutions correlated with a notable increase in account takeover incidents. The attackers' method of sending phishing emails from legitimate university accounts significantly increased the likelihood of bypassing technical defenses and social engineering recipients into divulging sensitive information or executing malware. The event highlighted critical vulnerabilities in email security configurations within higher education, particularly where authentication protocols are improperly implemented or credential hygiene is lax. For Hunter College, the incident served as a concrete example of how cybercriminals capitalize on organizational trust relationships and widespread operational shifts, such as pandemic-related remote operations, to conduct large-scale phishing operations.