Student Loans Company in Phishing Warning

The UK’s Student Loans Company has been forced to issue a fraud alert after phishers launched a new campaign targeting students starting this autumn.

The fake emails, purporting to come from Student Finance England, try to trick recipients into divulging personal and financial information or to click on a malicious link, by claiming that failure to do so will result in the loss or delay of their first loan payment, according to the warning.

“Online fraudsters are aware that freshers are starting university for the first time next month and are targeting them, continuing students and their sponsors with emails and texts requesting personal and banking details to access their finance,” said Fiona Innes, head of Counter Fraud Services at the Student Loans Company.

“We have had several reports of this phishing email already. Phishing emails are sent in batches so there will be more in circulation. We want to remind customers that we will never request a customer’s personal or banking details by email or text message.”

The SLC’s Counter Fraud Services team claims to have prevented losses of £65 million since the 2012/13 academic year.

It urged students to treat any comms requesting personal or financial information with suspicion, claiming that emails addressed “Dear Student” and those with poor spelling and grammar are likely to be fakes.

David Stubley, founder of IT consultancy 7 Elements, claimed that employees are just as susceptible to phishing attacks as students.

"Phishing attacks remain scarily easy. In a recent phishing exercise we were able to entice 82% of recipients into clicking on a malicious link,” he told Infosecurity.

“Organizations need to take a holistic approach when defending against such attacks, and this would include end user awareness, implementing technical controls such as web filtering, end point protection and hardening the OS and browsers in use.”

Source: Information Security Magazine