UK university students learn about Phishing the hard way

‘Education grant’, ‘Scholarship’, ‘Financial aid’ are the words that remain within the thought bubbles of students before and during their study program. But will they do it at the cost of their own security? Definitely not!

After the immense amount of stress from school work, the last thing that a student would want to encounter is his/her laptop getting attacked. Finishing a lot of assignments and then dealing with cybercriminals to reach a negotiation does not qualify as the best of the university years spent!

Surprisingly enough, that is what students in the UK universities are confronting. Their computers are being virtually hijacked by cybercriminals by issuing a threat to the students to share their intimate details. In order to avoid any encryption of the information, the victims, the students, end up paying ransom fees to restore back the data.

The main seasons for cybercriminals to attack students are fall, winter and spring – the main time periods during an academic year allotted for the payment of fees. This indicates the disposition of the phishing attacks in the form of spam emails. The National Fraud & Cyber Crime Reporting Centre issued a report that said that students received spoofed emails claiming to offer a scholarship or grants. Students’ constant hunt for financial aid of any kind is the vulnerable point that was hit directly at by the cybercriminals. The spoofed emails direct them to close to genuine scholarships websites asking the students to fill out forms and kidnapping their sensitive information, like name, address, date of birth, contact details, telephone provider, bank account details, student ID, National Insurance Number, driving licence number and mother’s maiden name.

The emails are well disguised behind a veil of professional looking designs, thanks to which the fake nature is easily overlooked by desperate students. Two of the most common forms of swindle found in these spoofed emails are:

• “There is some problem with your account and you must verify your details or the account will expire soon”
• “The university offers educational grant to new students this year. Interested students can fill out the attached form to apply till tomorrow (or any specified date)”

These words are basically aimed at persuading students to click on a link in the email taking them to a false website and, thus, taking them for a ride. One victim was even asked to enter his/her bank details only to be forwarded to the login page of online banking. BBC reports of a student from Queens Mary University London who was tricked out of £300 through a scam email, allegedly from the university’s finance department. The infected email contained a cloned logo of the university that asked the student to take a government bursary. While the student was asked to fill in her bank details, she found out that the cybercriminals had already robbed her of £300. QMUL claimed that it is aware of the scam: “QMUL proactively monitors its systems to prevent and detect breaches, and there is no evidence to suggest any system has been compromised in this instance. A message was sent to all students warning them about the scam and providing them with advice on how they can protect themselves online, including details of our cybersecurity training courses.”.

Many cybersecurity agencies, especially Action Fraud, UK’s national fraud and internet crime reporting centre, has issued some preventive measures to evade any further victimization of students:

• Not clicking on links or attachments from unsolicited emails
• Not replying to scam emails
• Checking the legitimacy by finding any telephone number
• Avoiding logging into bank account via the fake website or the spoofed email
• Reporting the bank or Action Fraud in case of any compromise on the part of the students or any money lost due to fraudulent misuse of bank information.

Cyberpolice is in action overtime to up surveillance and to protect students from swindlers. Paul Mason of the SLC, responsible for combating fraud said: “We want to remind students to stay vigilant with the details they provide online”.

We go to universities in the hope of catching a bigger fish in the market and making a career with them. On the contrary these students, unfortunately, themselves got caught in the ‘phishing’ net spread out by the phishermen. That was a hard lesson to learn…