This phishing campaign, which was last highlighted in May 2016, has reappeared yet again. It claims that the student has been awarded an educational grant as part of a student support programme. The email purports to have come from the Finance Department of the student’s university. It tricks the recipient into clicking on a hyperlink contained in the message to provide personal details on a webpage.
Victims report that after submitting their sensitive information (including name, address, date of birth, bank account details, National Insurance Number and mother’s maiden name), they were taken to a spoofed website which appeared to be a genuine representative of their online bank, where they were directed to type in their online banking credentials.
Protection and prevention advice
- Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- An email address can be spoofed, so even if the email appears to be from a person or company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account, go directly to the website yourself instead of using the link provided in the email.
- If you suspect an email is a scam, do not reply to the sender. Where possible, flag the email as spam and then delete it.
- Always install software updates as soon as they become available. Whether you’re updating the operating system or an app, the update will often contain fixes for critical security vulnerabilities.
- If you think your bank details have been compromised and/or you have lost money due to fraudulent misuse of your cards, you should immediately contact your bank and report it to Action Fraud.