Newcastle University has issued an alert, warning prospective students to be careful when seeking to apply and pay online for courses, after discovering the existence of a sophisticated phishing scam.
The university, which resides on the domain ncl.ac.uk, has discovered scammers have created a website to trick prospective students into parting with personal details and tuition fees.
The website, newcastleinternationaluniversity.com, uses similar branding colours and fonts to the original site, but includes flashy animation and a more sophisticated layout, almost as if the scammers are hoping to convince people, particularly prospective foreign students, that it is the real website.
"We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses," the university announced on its Twitter account.
"The website 'newcastle international university' is in no way associated with the University and we are advising anyone who finds the website not to submit any personal details. All students should use our official website http://www.ncl.ac.uk/."
It is not known how many people have been tricked by the website, but the level of detail is impressive. The site is being used to harvest everything from credit card information to passport details and date of birth, which would be useful to the scammers if they decide to steal victims' identities, as well as scamming them out of thousands of pounds in tuition fees.
"Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim. This is why the public need to have greater awareness of the issue of spoofing and take care to protect themselves online," Azeem Aleem, RSA Security's director of Advanced Cyber Defence Practice for EMEA told IBTimes UK.
"[The scammers] have been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site."
Here's how to stay safe online
RSA Security advises that users take care on the internet to prevent themselves from being scammed, including:
- Avoid clicking on links to websites from emails, if it is from an unknown source. Instead, search for the website using a search engine;
- Always be sure to check the URL of a site that you are visiting to make sure that it is correct – often with spoofed sites there will be a few letters in the wrong place that will give clues that it is not official, the devil is in the detail;
- Check the address bar to ensure you are visiting a secure site and there are no warnings – if you look at this site, for example, there is actually a warning that says it is insecure;
- If you are not sure, then see if there is a phone number where you can call and get validation before sharing any personal information.