A phishing campaign is gaining access to universities' third-party platforms and routing employee paychecks to accounts controlled by hackers, researchers said.