Security

Phishing Attempts Target US Department of Education Grant Portal

A report says the spoofed website aims to collect login credentials.

Amy McIntosh is the managing editor of EdTech: Focus on Higher Education.

Cybersecurity solutions provider BforeAI’s PreCrime Labs has identified a phishing campaign currently targeting education professionals. According to the company, malicious actors have spoofed the U.S. Department of Education’s G5 portal.

The portal, used for managing federal education grants and funding, requires users to log in with their credentials. The phishing campaign aims to harvest these credentials from users by imitating the G5 website’s layout and login portal.

“These domains attempt to clone or imitate the official G5.gov interface and may be targeting education professionals, grant administrators or vendors tied to the U.S. Department of Education,” a company spokesman says.

Click the banner below to learn how an effective cyber resilience strategy can thwart phishing attempts.

x-cyberresillience2-static-2024-na-desktop

x-cyberresillience2-static-2024-na-mobile

Colleges, or at least former colleges, have themselves been targets of similar attacks in recent years. “Zombie colleges” are now-closed higher education institutions that seem to come back to life when scammers stand up real-looking websites for the shuttered schools. When prospective students visit these sites and try to enroll or request information, the personal details they enter are collected by scammers.

Combating phishing attempts requires effective user training. Ensuring that faculty and staff can spot suspicious URLs and do not click on links from unknown senders can help prevent credential theft. Conduct regular phishing training and alert faculty, staff, and students about current and ongoing threats. In the event of a breach, having an incident response plan in place is key to a quick recovery.

Greggory DiSalvo/Getty Images