A new phishing campaign which has hit students claims that the student has been awarded an educational grant by the Department for Education. The email purports to have come from the finance department of the student’s university and tricks the recipient into clicking on a link contained in the message to provide personal and banking details.
One victim reported that after submitting their sensitive information (including name, address, date of birth, contact details, telephone provider, bank account details, student ID, National Insurance Number, driving licence number and mother’s maiden name), they were taken to a spoofed website which appeared like a genuine website of their bank, where they were asked to type in their online banking login credentials.
- Do not click on any links or open attachments contained within unsolicited emails.
- Do not reply to scam emails or contact the senders in any way.
- If an email appears to have come from a person or organisation you know of but the message is unexpected or unusual, contact them directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account via a link provided in the email, instead of clicking on the link, open your browser and go directly to the company’s website yourself.
- If you have clicked on a link in the email, do not supply any information on the website that may open.
Targets or victims of this phishing – or any fraud, scam or cyber crime – should report it to Action Fraud, 0300 123 2040, www.actionfraud.police.uk. Action Fraud is the UK’s national reporting service for this sort of crime. It is not an emergency service – if a crime is taking place, ring 999.