Professional networking platforms — LinkedIn, Twitter/X, ResearchGate, Academia.edu, and even Slack and Microsoft Teams — have become essential tools for career development, research collaboration and maintaining professional relationships in higher education. However, these same platforms are now prime hunting grounds for sophisticated cybercriminals using social engineering tactics to exploit trust and steal sensitive information.
Why this matters now
The threat has escalated dramatically. According to the Federal Trade Commission, Americans lost $12.5 billion to scams in 2024, a 25% increase from the previous year, with attacks increasingly targeting trusted professional platforms. Phishing attacks on LinkedIn alone have skyrocketed by 232% since 2022, and nearly 16 million fake accounts have been identified. Similar patterns are emerging across other professional networks.
Higher education institutions are particularly vulnerable. Universities host diverse populations with varying levels of technological expertise, maintain open networks prioritizing academic freedom and contain vast amounts of valuable data, from personal student information to research. In 2025, the education sector faced an average of 4,388 cyberattacks per week, more than double the global average for all sectors. This combination makes our community an attractive target for attackers.
Threats across professional platforms
- Fake platform notifications: Malicious actors impersonate official platform communications on LinkedIn, ResearchGate or even Slack, claiming accounts are restricted, suspicious activity detected or urgent action required. These messages include official-looking branding and URL shorteners to appear legitimate.
- Fraudulent profiles and impersonation: Scammers create fake profiles on LinkedIn, Twitter/X or academic platforms with incomplete details, stolen photos and generic messages. They may also impersonate colleagues, conference organizers or journal editors to gain trust.
- Phishing through professional channels: Fake collaboration requests, conference invitations, journal submission solicitations; job offers sent via LinkedIn or email; or direct messages requesting upfront fees, login credentials or access to institutional systems.
- Compromised collaboration tools: Attackers gain access to Slack workspaces, Microsoft Teams channels or shared research platforms, then use legitimate channels to distribute malicious links or request sensitive information from seemingly trusted accounts.
- Research and intellectual property theft: Nation-state actors and competitors use professional platforms to identify researchers, build relationships over time and eventually request access to proprietary research, unpublished data or institutional systems.
How to protect yourself
1. Verify all communications independently. Don’t click links in unexpected messages. Instead, go directly to the platform by typing the URL yourself. Authentic emails from LinkedIn end in @linkedin.com, Microsoft messages in @microsoft.com, etc. If a message creates urgency or threatens account suspension, it’s likely a scam.
2. Scrutinize connection and collaboration requests. Before accepting connections or joining new workspaces, verify the person’s identity through multiple channels. Check for incomplete profiles, lack of mutual connections, suspicious timing (right before a deadline or conference) or requests that don’t match normal professional behavior.
3. Enable two-factor authentication everywhere. Add 2FA to LinkedIn, Twitter/X, Slack, Microsoft Teams, Google Workspace, ResearchGate and any platform connected to your professional identity. Use strong, unique passwords for each platform, and never share credentials through messages or email.
4. Limit public information strategically. Review what’s publicly visible across all your professional profiles. Remove or restrict access to phone numbers, personal email addresses, detailed schedules, research focus areas or information about institutional systems and access levels.
5. Be cautious with research and collaboration invitations. Verify conference invitations through official conference websites. Check journal legitimacy before submitting. Be wary of unsolicited collaboration requests, especially those offering funding or access to resources without vetting. When in doubt, contact the person through an official institutional email.
6. Trust your instincts and verify unusual requests. If something feels off, it probably is. This includes urgent payment requests, unusual file-sharing links, colleagues asking for information they should already have or opportunities that seem too good to be true. Take time to verify through official channels before responding.
The institutional impact
The stakes are significant. The average cost of a data breach in the U.S. education sector reached $10.22 million in 2025, with 97% of higher education institutions experiencing phishing attacks. Beyond financial damage, 40% of higher education IT leaders report heightened anxiety and stress from managing security incidents. When one community member’s account is compromised, attackers can gain access to broader institutional networks, sensitive research data, student information and the credentials of colleagues and collaborators.
If you suspect a scam
Report suspicious activity immediately to the platform (LinkedIn, Slack, Microsoft, etc.) and the ITS Service Desk. Early detection and response are critical to minimizing potential damage. Watch for: unexpected posts or messages from your accounts, password changes you didn’t initiate, strange messages sent to your connections, unfamiliar devices accessing your accounts, or colleagues reporting suspicious communications from you.
By staying vigilant across all professional platforms and following these security practices, you help protect yourself and our entire academic community. Cybersecurity is all of our responsibility.
