Study reveals students have been targeted more than 500 times by phishing scammers in two academic years
A Freedom of Information (FOI) request to the UK’s Student Loan Company (SLC) was carried out by cyber security awareness education and phishing simulation provider Cyber Risk Aware and revealed that £108, 205 has been stolen from university students via phishing attacks.
The study revealed that 72 students had their funds stolen by phishers since the beginning of the 2015 academic year up to December 2017.
The FOI also revealed that, whilst some students have been phished, the Student Loan Company’s Counter Fraud Services (CFS) department has prevented 463 attacks where financial losses would have totalled £785,718.
“Students are a particular target for phishing emails from hackers attempting to steal their money; phishing emails can be very convincing and fraudsters know exactly how to lure students into sharing personal details,” said Stephen Burke, Founder of Cyber Risk Aware.
“But it’s not just emails where students need to be vigilant; attackers are also smart in creating ‘friendships’ and fake events, asking for personal and financial details whilst playing on a person’s ‘fear of missing out’.”
In response to the FOI, the Student Loan Company stated: “Over the last few years, the SLC has improved on its ability to detect fraudulent interactions and can now identify these at an earlier stage. This means we can take action as payment dates approach, preventing fraudsters from making changes to a student’s account.”
Burke continues, “Whilst several leading universities now run cyber security awareness campaigns, there are many which would benefit from encouraging and helping students identify phishing emails, rather than relying on technical defences alone.
Until such practice becomes mainstream across the board, students should treat any emails requesting personal details with suspicion. Phishing emails contain indicators such as unknown sender origin and offers which are just too good to be true, whilst often pertaining to be from a recognised company or brand. Anyone receiving a suspicious email should report it to their university or company IT administrator and delete it.”