Warning: Phishing Campaign Leveraging Evilginx Targets U.S. Universities

KnowBe4 Team | Dec 9, 2025

Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers at Infoblox. The attackers have targeted at least 18 universities and educational entities since April 2025, using phishing pages that spoofed student single sign-on (SSO) portals.

“In the campaigns we analyzed, students were targeted via personalized emails that contained TinyURL links,” Infoblox says. “These short links redirected to phishing URLs dynamically generated from Evilginx phishlets—configuration files that define how the proxy interacts between the victim’s device and the legitimate site.

“Each phishing URL used a subdomain that impersonated the target brand and a URI with eight random alphabetic characters (case-insensitive). The URLs expired within 24 hours, a tactic to limit exposure and evade detection. When victims accessed the phishing URL, Evilginx proxied the legitimate login flows in real time, making traffic appear normal and bypassing MFA.”
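The URL shape described in the quote above (a subdomain that imitates the target brand, plus a path of eight letters) can be used as a triage heuristic over web-proxy or mail-gateway logs. The following Python is an added example, not code from Infoblox or KnowBe4; the domain `stateu.example`, the brand token, the function names and the log format are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions (constructed placeholders, not values from the report):
LEGIT_DOMAINS = ("stateu.example",)   # the institution's own domain(s)
BRAND_TOKENS = ("stateu",)            # strings a lookalike subdomain would imitate

# A path that is exactly eight ASCII letters in any case, as the report describes.
EIGHT_ALPHA_PATH = re.compile(r"/[A-Za-z]{8}/?")

def score_url(url):
    """Return which of the two described URL traits a URL exhibits."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host or any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return []  # unparsable, or genuinely under the institution's domain
    hits = []
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    subdomain_labels = host.split(".")[:-2]
    if any(tok in label for label in subdomain_labels for tok in BRAND_TOKENS):
        hits.append("brand_in_subdomain")
    if EIGHT_ALPHA_PATH.fullmatch(parts.path):
        hits.append("eight_alpha_path")
    return hits

def flag_log(lines):
    """Return (user, url) pairs where both traits fire together."""
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _ts, user, url = fields
        if len(score_url(url)) == 2:
            flagged.append((user, url))
    return flagged

# Constructed web-proxy log lines: timestamp, user, requested URL.
SAMPLE_LOG = [
    "2025-11-03T09:14:02Z alice https://sso.stateu.example/login",
    "2025-11-03T09:15:40Z bob https://stateu.sso-login.example/QwErTyUi",
    "2025-11-03T09:16:11Z carol https://stateu.sso-login.example/assets/app.js",
    "2025-11-03T09:17:25Z dave https://news.portal.example/abcdefgh",
]

if __name__ == "__main__":
    for user, url in flag_log(SAMPLE_LOG):
        print(f"review: {user} -> {url}")
```

Because the emails carry TinyURL links, the heuristic has to run on the URL reached after the redirect, and because the URLs expire within 24 hours it is most useful on fresh logs.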

Notably, Evilginx has built-in measures that help its attacks avoid detection, allowing unskilled threat actors to launch sophisticated, evasive phishing campaigns.

“The low detection rates across the cybersecurity community highlight how effective Evilginx’s evasion techniques have become,” the researchers write.

“Recent versions, such as Evilginx Pro, add features that make detection even harder. These include default use of wildcard TLS certificates, bot filtering through advanced fingerprinting like JA4, decoy web pages, improved integration with DNS providers (e.g., Cloudflare, DigitalOcean), multi-domain support for phishlets, and JavaScript obfuscation. As Evilginx continues to mature, identifying its phishing URLs will only become more challenging.”

AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Infoblox has the story.


Request A Demo: KnowBe4 Student Edition

In today's digital learning landscape, it's your job to ensure that students are vigilant of cyber threats. You need a comprehensive cybersecurity strategy that addresses not just technical loopholes, but also the human risk factor.

Request a demo to see how KnowBe4 Student Edition will help students adopt a cybersecurity-first mindset, making safe online behavior a habitual part of their digital interactions.

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/products/demo/knowbe4-student-edition-request-a-demo-2024


