The hackers pretended to be professors, appealing to Achilles’ heel of academics: their egos. Posing as admiring colleagues from other universities, they emailed their targets, claiming they had enjoyed their articles and wanted to read more of their work. The emails contained links to articles the “professors” claimed they could not access.
Once the actual professors clicked on these links, they were redirected to what seemed to be the login page for their universities, making it appear they had somehow inadvertently signed out. But the login page was fake. And once the professors entered their usernames and passwords, the information was captured by the hackers, who then had free rein over their accounts.