Hackers are masquerading as the Student Loan Company to obtain sensitive and personal information from unsuspecting students in a major phishing campaign.
Students are being asked to click on malicious links and provide personal details to stop their accounts from being permanently suspended.
The Student Loan Company has alerted new and existing university students that hackers are posing as the company to obtain personal details of students via an email phishing campaign. Unnamed hackers behind the campaign have also set up a fake website to make students believe that the emails are genuine.
In emails sent to a large number of students, the hackers claim that the recipients' Student Loan Company accounts are being suspended because the students provided incomplete information. The students are also asked to click on a link and fill in the remaining information within 24 hours to ensure their accounts are not suspended permanently.
The Action Fraud department of the City of London Police is investigating the scam and has said that phishing emails have also been sent to several individuals who have never applied for education loans.
‘This phishing email displays a number of tell-tale signs of a scam including spelling and grammar errors. As the new university year begins, we are urging people to be especially cautious of emails that request personal details. Always contact your bank if you believe you have fallen victim to a scam,’ said Action Fraud.
If you are a recipient of an email asking you to fill in your personal details, you can contact Action Fraud by visiting www.actionfraud.police.uk or calling 0300 123 2040. The Student Loan Company has also released a set of do’s and don’ts for students who may have been targeted by hackers behind the phishing scam.
According to Wieland Alge, GM EMEA at Barracuda, phishing emails are an extremely effective way for cyber criminals to make money, accounting for 76% of all ransomware attacks. Alge suggests that you should not entertain odd or unexpected requests from people you know via email without calling them up first and confirming that they indeed sent such emails.
At the same time, you should look closely at sender details as hackers often use clever masking techniques and impersonate people or organisations to convince recipients that the emails are genuine.
‘A domain changed by one letter. For example, @gmoil.com instead of @gmail.com. This masking technique is easily overlooked and highly effective, but can be easily overcome by hovering a cursor over the email address. A window will pop up showing the sender’s real domain,’ Alge adds.