UK university students have been conned out of over £100,000 over the past couple of years by Student Loans Company scammers, according to new research from Cyber Risk Aware.
The security training and awareness provider filed a Freedom of Information (FOI) request with the SLA and found that 72 students had their funds taken by phishers between the start of the 2015 academic year and December 2017.
Typically, recipients are tricked by official looking emails to click on malicious links, resulting in their personal and financial details being compromised.
Cyber Risk Aware founder, Stephen Burke, claimed the threat extends beyond phishing emails. Scammers are increasingly using social channels to “friend” victims and creating fake events which require targets to hand over their personal details during registration.
The news follows FOI figures released in April 2017 that revealed 72% of universities — staff and students — had fallen victim to phishing attacks over the previous year.
A few months later, Newcastle University was forced to issue an alert after a highly convincing phishing website was spotted trying to harvest credit card and passport details from prospective international students.
On the plus side, the Cyber Risk Aware FOI request revealed that the Student Loan Company’s Counter Fraud Services (CFS) department has prevented 463 attempted scams which would have resulted in losses totaling £785,718.
Burke told Infosecurity that for education and awareness programmes to work they must be personalized and tied to users’ psychological triggers.
“Students are tech-savvy and use multiple devices to access social media where they enjoy seeing how people like their posts, so crafting phishing campaigns around these emotives are easy to create,” he added. “Whether this is an email stating someone has access to their account or a change in password being needed, students will respond rapidly, so phishing simulations can prey on this knowledge and tie them to an insecurity or concern.”