Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.

College students settling back into school might want to think twice before clicking on an email prompting them to renew their school library account. Researchers warn that students at hundreds of universities worldwide are being targeted with fake emails this week, which tout attachments or links to cloned university login portals or impersonations of university library administration login pages.

These fake landing pages are taking full advantage of the whirlwind back-to-school season, bent on stealing students’ credentials. The threat actors then can use those to steal and resell intellectual property, move laterally within organizations, conduct internal phishing and more, researchers told Threatpost.