Over £100,000 stolen from students in phishing crisis – here’s how to stay safe

Students are being scammed out of huge amounts of money, but how is it happening and how can you stay safe?

UK students have had more than £100,000 of their student loans stolen by phishing scammers in the past two years.

A Freedom of Information Request was recently put to the UK Student Loans Company (SLC) to find out about student loan-related fraud.

Cyber Risk Aware, the cyber security awareness education provider, carried out the investigations and found that £108,205 had been stolen from students between the start of the academic year in 2015 and December 2017.

During that time, students were the target of phishing crimes on more than 500 occasions, including the text message scam we reported on in December that lead to one woman losing £5,400.

Despite the best efforts of the SLC's Counter Fraud Services, over 70 students had their university loan funds redirected by these scammers.

Action Fraud, a fraud investigation unit set up by the City of London Police, is sending out warnings to both new and current university students as these phishing emails become more common.

What did the scammers do?

In total, the funds of 72 students were redirected after being tricked into providing their account details by phishing messages that claimed to be from the SLC.

The scammers then used these details to impersonate the students and redirect funds into other accounts.

• Protect your PC for free with Kaspersky

These fraud messages often explain that the student’s account with the SLC has been suspended because their details need to be updated. They include a link to a counterfeit site that then captures the students’ authentication details.

Founder of Cyber Risk Aware, Stephen Burke, said:

Students are a particular target for phishing emails from hackers attempting to steal their money; phishing emails can be very convincing and fraudsters know exactly how to lure students into sharing personal details.

Students are at risk

Burke explained that cyber attackers are getting increasingly clever, and are now capitalising on students’ Fear Of Missing Out (FOMO):

It's not just emails where students need to be vigilant; attackers are also smart in creating ‘friendships' and fake events, asking for personal and financial details whilst playing on a person's ‘Fear Of Missing Out'.

That said, the SLC’s Counter Fraud Services have managed to stop the phishing scammers on a number of occasions.

• Student scammed out of £5,400 by a text
• Check out the best deals on offer right now

Although 72 attacks were successful, 463 were halted - attacks that would otherwise have resulted in the loss of £785,718. So while we'd ideally want the number of successful attacks to be zero, the Counter Fraud Services are working hard to stop as many as they can.

With this recent epidemic of attacks, the SLC says it has improved its ability to detect fraudulent interactions so it catches them at an earlier stage.

The SLC commented:

This means we can take action as payment dates approach, preventing fraudsters from making changes to a student's account.

How to stay cyber safe

Cyber Risk Aware has some advice for students in a world where cyber attackers are getting more and more intelligent.

Burke said that anyone, whether they're a student or not, should be wary of emails asking for their personal or financial information.

• 14 money scams to watch out for
• Everyone loves a freebie, so find out what's available at the moment

He also suggested that universities who weren't already running cyber risk awareness campaigns should start doing so, as uni might be the first time that many people have bank accounts and more money to manage.

Burke said:

[You should look out for] phishing emails containing indicators such as unknown sender origin and offers which are just too good to be true, whilst often pertaining to be from a recognised company or brand.

Anyone receiving a suspicious email should report it to their university or company IT administrator and delete it. While students are generally very comfortable with the online world, it's a good idea to check that you know how to stay safe.

Scams come in different forms, from phishing emails to fake products and websites. Make sure you know how to spot scams.

You'll often not know that you've been hacked until the damage has been done, so check out our list of 32 ways to avoid being hacked.

Finally, when it comes to online safety, always try to bear in mind safety specialist Marc Goodman’s UPDATE acronym:

• Update regularly
• Passwords - don’t reuse them
• Download from authorised sources
• Administrator - don't use it as your default setting
• Turn off when you’re done
• Encrypt to keep your stuff unreadable.

Have you fallen foul of a student loan scam? Get in touch with us to let us know how it's affected you, and how other students can avoid becoming the next victim.