First-year and returning university students have been warned of a phishing scam in which emails claim to be sent by the student loan provider.
Action Fraud - the UK’s national reporting centre for fraud and cybercrime - believes that victims are being targeted as they prepare to start their new academic year.
The emails’ aim is to dupe students into giving up personal information which is then used to steal their identity and defraud them.
The fraudulent email claims that Student Loans Company accounts have been suspended due to incomplete student information.
The recipient is urged to update their details using a web link which then leads to a fake website with the aim of harvesting personal details.
The scam is believed to target both new and current university students. However, examples of the scam have been reported where individuals who have never applied for student finance have also received the email.
Action Fraud offers the following advice to protect yourself from loan phishing emails
Don’t assume anyone who has sent you an email is who they say they are.
If an email asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don’t give away any personal details.
Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.
If in doubt, check it’s genuine by asking the company itself. Never follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.
Spot the signs of scam student messages
Fraudulent emails that pose as an official company or organisation usually have poor-quality spelling, grammar, graphic design or image quality. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
If they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear...’ followed by your email address.
When a fraudulent email asks you to follow a link or respond, the website or email address usually doesn’t look right. Authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.
Reporting phishing emails
Detective Chief Inspector Andy Fyfe of the City of London Police said: “This phishing email displays a number of tell-tale signs of a scam including spelling and grammar errors. As the new university year begins, we are urging people to be especially cautious of emails that request personal details. Always contact your bank if you believe you have fallen victim to a scam.”
Paul Mason, Executive Director of Repayments and Counter Fraud, said: “We will never request a student’s personal or banking details by email or text message. Anyone who receives a scam email about student finance should send it to us at firstname.lastname@example.org in addition to reporting it to Action Fraud, as this allows us to close the site down and stop students from being caught out.
“We want to remind students to stay vigilant with the details they provide online and to be mindful of the personal information about themselves they post online and on social media too.”