Microsoft has reported that a cybercriminal group known as Storm-2657 has launched a significant phishing campaign targeting U.S. universities. The group has reportedly sent phishing emails to 6,000 addresses at 25 universities, with the aim of stealing payroll credentials and redirecting funds. These emails are designed to appear legitimate by impersonating university leadership or HR departments, urging recipients to take immediate action. Once staff members fall for the scam, their Workday accounts are compromised, allowing attackers to modify payroll profiles and alter salary payment settings. This has led to funds being redirected to accounts controlled by the hackers, all without the victims’ knowledge. The scale of the attack highlights the growing risk of cybercrime in educational institutions, particularly those that handle sensitive financial information. This incident not only affects the affected institutions but also raises broader concerns about the security of payroll systems in public sectors. The sophistication of these attacks underscores the need for greater cybersecurity awareness and better protection mechanisms, especially in organizations that manage significant financial transactions. As the attacks continue to evolve, there is a pressing need for both institutions and employees to remain vigilant and adopt robust security measures to prevent such breaches from occurring.