Back to school: Warning over phishing scam targeting students

Students heading to university this month have been warned to watch out for a phishing email scam which looks to steal their personal information for the purposes of identity theft and fraud.

The UK's fraud and cyber crime centre Action Fraud and The City of London police have urged universities to raise awareness about the scam to both new and returning students ahead of the new academic year.

Criminals looking to take advantage of a busy time for students are sending phishing emails purporting to be from the Student Loans Company, the government-owned body which provides student loans.

Addressed to 'Student', the email claims that most student loan accounts have been suspended due to inaccurate information and targets are urged to click on a provided link in order to update their information.

Of course, the link doesn't lead to a legitimate website, but a fake version of the Student Loans Company website with the aim of stealing credentials - including email address, password and secret answer as well as bank account details.

All of this is information which can easily be exploited to carry out fraud, additional hacking related crimes or sold on underground forums.

The scam has been active for at least two weeks and is targeting both new and current university students. It's also been spotted targeting people who never applied for student finance.

Like many phishing scams, this one attempts to panic the victim into giving up their personal data. In this instance, it's attempting to use the fear of not receiving the funds students require to pay for university in an effort to scare them into clicking the fake link and delivering their information into the hands of criminals.

However, taking a few seconds to examine the email quickly demonstrates that it's a fake - for a start, it's full of poor spelling and grammar, even in the opening line.

"Due to incomplete student information update provided to the Student Loans Company (SLC). Most Accounts have been suspended due to inaccuracy, and we strictly advice every student to update their information".

The sentence is written in broken English, with erroneous use of capital letters - and 'advice' is incorrectly used instead of 'advise'.

"This phishing email displays a number of tell-tale signs of a scam including spelling and grammar errors. As the new university year begins, we are urging people to be especially cautious of emails that request personal details. Always contact your bank if you believe you have fallen victim to a scam," said Detective Chief Inspector Andy Fyfe of the City of London Police.

The Student Loans company has also reminded students that it will never ask for student's personal or banking emails over email and that anyone who sees the scam should report it.

"Anyone who receives a scam email about student finance should send it to us at phishing@slc.co.uk in addition to reporting it to Action Fraud, as this allows us to close the site down and stop students from being caught out," said Paul Mason, Executive Director of Repayments and Counter Fraud at the Student Loans Company.

"We want to remind students to stay vigilant with the details they provide online and to be mindful of the personal information about themselves they post online and on social media too," he added.

Phishing is one of the most common forms of cyber attack and easy for an amateur hacker to carry out: this ZDNet guide provides you with everything you need to know to protect yourselves from falling victim to this type of attack.

READ MORE ON CYBER CRIME

• How to spot a phishing email [CNET]
• This ransomware scheme is targeting schools, colleges and head teachers, warn police
• Hoping for a payrise? Then watch out for this sneaky phishing scam
• Beware these Hurricane Harvey phishing and spam attacks [TechRepublic]
• What is phishing? How to protect yourself from scam emails and more