Street and petty crimes in the UK have declined over the years, thanks to the vigilance of agencies responsible for maintaining law & order. Unfortunately, the same cannot be said about the virtual world, where crimes like phishing attacks have been rising consistently for many years. Not only are such attacks on the rise, they are also getting more intelligent. Intelligence on the criminal's part and carelessness on the victim's part make an already bad situation worse.
Shockingly, it appears that students are the new favourite targets of cyber criminals. Attacks aimed specifically at students cunningly dupe them into sharing their personal details without realising it. Phishing attacks are also being used to virtually hijack computers and devices by encrypting the information stored on them. As you may have guessed, the hijack ends only when the victim pays the hijacker a ransom to restore access to the data.
Spam Email Phishing Attacks:
According to a report released by the National Fraud & Cyber Crime Reporting Centre, students at UK universities are being hit by a new wave of phishing emails that claim to offer a scholarship or an educational grant. The phishing email takes them to a fake website where they are deceived into revealing personal information such as bank details. The emails are designed to look very professional, similar to the ones usually sent by the finance department of a university. Such forgeries are difficult for students to detect without detailed scrutiny of the email headers, which are obscure to most people.
Here are some common examples of phishing messages aimed at persuading students to visit completely fake but genuine-looking websites, where they are swindled into sharing their confidential information by filling out a form:
- "There is some problem with your account and you must verify your details or the account will expire soon"
- "The university offers educational grant to new students this year. Interested students can fill out the attached form to apply till tomorrow (or any specified date)"
Not every student can bear the cost of university education, and many are always on the hunt for a full or partial scholarship, or any sort of endowment, to fund their studies. This makes them especially vulnerable to phishing attacks. The Student Loans Company has said that students are particularly targeted around their main payment dates in September, January and April.
How to Spot a Phishing Email?
Several universities in the UK, such as Queen Mary University of London, University of Manchester, University of Exeter, University of Warwick, University of Edinburgh and others, have been very vocal on this issue and have run awareness campaigns to help students avoid phishing emails. University of Cardiff illustrated several measures to help students judge the authenticity of an email, even one that appears to show a university's mailing address.
(extracted from University of Cardiff)
- Source Email Address: Notice the sender's mailing address firstname.lastname@example.org. This is an email address with a misleading variation. The genuine domain is cardiff.ac.uk.
- URGENT Marking on Email: Marking an email as urgent gives students less time to determine the authenticity of the message. The idea is to create a sense of urgency so that students rush to act without giving it a second thought.
- Spelling Mistakes: A typical email may have some errors, but if an email comes from a university or bank address, such errors should be relatively rare. If you see them, it's worth taking a closer look before acting on the message.
- Embedded URL: An embedded URL is one where the visible words are a hyperlink. From the above example, you can see the email message included https://www.cardiff.ac.uk/storagequota, which is a genuine address, but the URL embedded behind it is different: http://www.cardiff-university.co.uk. Students should understand that all emails from the university will come from the same domain, i.e. cardiff.ac.uk, and for any required action will direct you to a page hosted on that same domain.
- NEVER share your passwords with anybody. A legitimate person, such as a university's IT/Finance support personnel, will never ask you to reveal your password.
- Students should be particularly concerned about an email that carries a link for them to follow. Remember, universities have a separate section about scholarships and other funding opportunities on their website, plus a CTA (Call to Action) option for students to apply.
- If you spot a spam/phishing email, immediately call or email the relevant university staff to verify the message. When making contact by email, make sure you send it to a verified address listed on the university website or another authentic source. Replying to a phishing email would be as dangerous as following any links in the message.
- Lastly, if you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank, and report it to Action Fraud.
Note: If you or your colleagues have not gone through any orientation regarding phishing scams, refer to the relevant university staff. Stay Safe!