HACKERS HAVE PILFERED more than £100,000 from university students via phishing attacks in just over 15 months.
That's according to a Freedom of Information (FOI) request sent to the Student Loan Company (SLC) by cybersecurity awareness outfit Cyber Risk Aware.
It found that £108,205 had been taken away from students since the beginning of the 2015 academic year up to December 2017.
In total, 72 students had funds redirected as a result of being tricked by phishing emails, which coaxed them into handing over the details of their SLC accounts. The scammers then used this information to impersonate the students and to redirect the funds.
This has led to warnings by Action Fraud, a fraud investigation unit set up by the City of London Police, that new and current university students are being targeted by scammers in the phishing email sting.
The message claims that the student's accounts with the Student Loans Company (SLC) has been suspended and that details must be updated. However, the link provided in the phishing email leads to a counterfeit site that captures the students' authentication details.
"Students are a particular target for phishing emails from hackers attempting to steal their money; phishing emails can be very convincing and fraudsters know exactly how to lure students into sharing personal details," said Stephen Burke, Founder of Cyber Risk Aware.
"But it's not just emails where students need to be vigilant; attackers are also smart in creating ‘friendships' and fake events, asking for personal and financial details whilst playing on a person's ‘fear of missing out'."
The FOI request also revealed that the SLC's counter-fraud services department had prevented a further 463 attacks over the same period, in which financial losses could have totalled £785,718.
SLC claimed that it had improved its ability to detect fraudulent interactions and can now identify these at an earlier stage.
"This means we can take action as payment dates approach, preventing fraudsters from making changes to a student's account," it said.
Cyber Risk Aware's Stephen Burke advised students to be cautious around emails requesting any personal or financial information - good advice for anyone - and suggested universities that did not run cyber awareness campaigns should begin to do so. This would help students to identify phishing emails rather than having to solely rely on technical defences.
"Until such practice becomes mainstream across the board, students should treat any emails requesting personal details with suspicion," he said.
"Phishing emails contain indicators such as unknown sender origin and offers which are just too good to be true, whilst often pertaining to be from a recognised company or brand. Anyone receiving a suspicious email should report it to their university or company IT administrator and delete it." µ
The week in Google
The scandal that just keeps giving
Clip to the end....