Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Researchers said in 2020 so far they have discovered a number of malicious campaigns using compromised emails from at least 13 different universities. The highest number of phishing emails detected came from compromised Purdue University accounts (2,068), stolen in campaigns from Jan. to Sept. Researchers also found emails from legitimate Oxford and Purdue accounts telling victims that they have a missed call and linking to an attachment that purports to be the voicemail.
Source: https://threatpost.com/university-email-hijacking-phishing-malwarephishing-malware/160735/