A new email phishing scam is targeting first-year and returning university students in the UK. The mails claim to be from a student loan provider but instead direct victims to a fraudulent website in the hope of stealing their identities and personal account information.
Posing as the Student Loans Company, the fraudsters have been sending malicious emails over the past two week as the new academic year fast approaches. The messages claim that accounts have been suspended due to incomplete information, urging the victim to click.
Action Fraud, the UK's fraud and advice watchdog, this week (5 September) revealed that the scam is currently targeting both new and current university students.
The loan firm has confirmed the emails are not real.
"As the new university year begins, we are urging people to be especially cautious of emails that request personal details," said detective chief inspector Andy Fyfe of the City of London Police. "Always contact your bank if you believe you have fallen victim to a scam."
Fyfe said the phishing emails contain known signs of email fraud, including messy spelling errors.
Fake emails that redirect to booby-trapped websites are not a new phenomenon, but continue to plague internet users. Often, they will contain tell-tale signs and email users are advised to always remain vigilant before clicking on suspicious links or attachments.
In this case, students should contact the loan firm regarding any account changes. Paul Mason, executive director of repayments and counter fraud at the Student Loans Company, said: "We will never request a student's personal or banking details by email or text message.
"Anyone who receives a scam email about student finance should send it to us at email@example.com in addition to reporting it to Action Fraud.
"This allows us to close the site down and stop students from being caught out.
"We want to remind students to stay vigilant with the details they provide online and to be mindful of the personal information about themselves they post online and on social media too."
Here is a copy of the emails now hitting inboxes:
The link leads to a website that appears legitimate, and requests that the victim enter a slew of personal account information. This, of course, will be sent straight to the scammer.
In a statement on its website, Action Fraud said: "Don't assume anyone who has sent you an email is who they say they are. If an email asks you to make a payment, log in to an online account or offers you a deal, be cautious. Make sure your spam filter is on your emails.
"If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.
"If in doubt, check it's genuine by asking the company itself.
"Never follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine."