Low blow: Phishers target student loan applicants
Sadly victims may not notice grammatical error
Phishers are targeting UK student loan applicants in a new scam campaign.
Fraudulent emails, posing as messages from Directgov UK, attempt to trick recipients into handing over online account information and other personal data to fraudsters under the guise of a supposed account update. "We at HM Government noticed your Student loan online login details is [sic] incorrect and need to be updated," the scam email reads.
The email is circulating just weeks before British students are about to start another year at university. The incident illustrates that phishers are widening their nets and going after a greater range of potential victims outside their traditional targets of online banking accounts and PayPal logins. For example, recent attacks separately targeted frequent flyer schemes in Brazil and Google AdWords accounts.
More on the student-loan phishing scam emails – along with samples of the offending missives – can be found in a blog post by Sophos here. ®
"Sadly victims may not notice grammatical error"
And even if they do they will probably assume that government standards in communication have slipped (even more).
I've seen 2 variants of this email go through our mail server so far (we handle student accommodation) and there's several things to note:
1. These are highly targetted emails, not your usual phishing spam. Somehow they are getting the email addresses for the students. As we're a student service provider we're also seeing them.
2. With the exception of a couple minor errors these are quite believable, more so given the complete cockups of the last few years by the student loans company.
It's interesting to see that the Government email asks you to download a file, it suggests more than one phishing group invloved as the previous emails I've seen ask the student to click a link. The link looks like a genuine student loans company link until you click on it.
Joking aside about the intelligence of the people falling for this scam, but these are mainly 18 year olds without the years of experience dealing with scams that we have. They need this money in order to live and pay rent. They fall for this scam and it can result in the student having to drop out of University, owing not only the student loan company for the money that has been stolen from them but also their rent for the accommodation they were staying in. That's a hell of a lot of money for someone who now has no chance of paying it back. If they're UK based the chances are their parents signed as guarantor for them as well, that means their parents will also be chased for money. This isn't as simple as someone being a little stupid and losing a few quid, this is a crime that potentially destroys an entire family's financial security.
What natural assumption?
Nobody is assuming that students are somehow intelligent enough to detect phishes at will. What is the point is that if you don't have a sufficient grasp of English to know the proper usage of "is" and "are", then you should not be going to university in the UK.
(NB: this doesn't automatically exclude foreign students, as many of them speak English better than our own students do these days. Which is not surprising, as under their inferior education systems they actually have to learn subjects to an acceptable standard to get a passing grade.)