Phishing Campaign Targeting Students
The email is masqueraded to appear as if it came from the Finance Department of the student’s university. Social engineering tactics were implemented to manipulate the recipient into clicking a link where the student is asked to provide personal information and banking details.
It has been reported that after the student has entered their personal information (including their name, address, contact details, date of birth, student identification, national insurance number, mothers maiden name, driving licence number and bank account details), they were led to a spoof website that disguised itself as one of the national banks, where they were requested to enter their banking login credentials.
- If something seems too good to be true, it generally is. This is your traditional phishing email. It attempts to manipulate students into providing personal information and bank credentials by claiming they have been awarded a grant. The likely hood of this happening over an unexpected email is highly unlikely.
- Always be suspicious of an email that requires your personal information or bank details. If the email features links or attachments, be sure to hover over them so you can identify where they are linking to.
- Beware of urgency. One tell-tale sign of a scam email is when the sender attempts to induce fear or haste in the recipient. In this case, the sender creates a sense of haste – ‘Submit your information as soon as possible to avoid delays’.
- If you are suspicious of an email yet it appears to come from a legitimate body, play it safe and call the supposed source.
- If you have shared bank details before realizing that you have been scammed, be sure to contact your bank immediately.
- There is no technical solution to phishing emails. Only the human eye can diagnose if an email is a scam or not. Identifying a phishing email is easier said than done. It takes a trained eye to pinpoint the characteristics of a phishing email.