British police are warning first year and returning university students to be on the lookout for a new phishing campaign designed to trick them into handing over personal information.
The Student Loans Company (SLC) has confirmed that an email spoofed in its name is a scam. It claims SLC accounts have been suspended due to incomplete information and urges the recipient to enter their details by following a link.
However, said link takes them to a fake website where personal information is harvested by phishers, according to an Action Fraud alert.
Police are urging users to stay cautious online and never follow links in suspicious looking emails, especially those with spelling mistakes.
“This phishing email displays a number of tell-tale signs of a scam including spelling and grammar errors,” explained detective chief inspector Andy Fyfe of the City of London Police. “As the new university year begins, we are urging people to be especially cautious of emails that request personal details. Always contact your bank if you believe you have fallen victim to a scam.”
Tim Ayling, EMEA director of fraud and risk intelligence at RSA Security, argued that students are prime targets for phishing scams.
“Our advice would be: first and foremost, avoid clicking on links to websites from emails and any unknown sources. If in any doubt, search for the website using an engine – particularly in cases like this where the email would’ve come from a random email alias, with a generic introduction that suggests it was sent to others,” he added.
“Secondly, the devil is in the detail. Always be sure to check the URL of a site that you are visiting to make sure that it is correct – often spoofed sites have typos in their address that will give clues that it is not official. Lastly, check the address bar to ensure you are visiting a secure site and there are no warnings.”
John Wilson, field CTO at Agari argued that while this scam is relatively easy to spot, that’s not always the case.
“These more sophisticated emails can fool both the human eye and common signature-based email security filters alike,” he added.
“Universities and loan organizations can help to tackle these advanced email scams by preventing fraudsters from spoofing their email domains. DMARC, (Domain-based Message Authentication, Report & Conformance) is an open source email authentication standard that will reject unauthorized messages using the domain, preventing them from ever being delivered.”