The US Department of Education’s Federal Student Aid office has identified a malicious phishing campaign aimed at defrauding students of their refunds and aid distributions.
Several schools have reported that attackers are using a phishing email to obtain access to student accounts on the student portal (see example phishing email screenshot below, courtesy of FSA). The attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful in part due to student compliance in providing requested information.
Upon gaining access to the portal with the login provided by the student, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker, so that any subsequent federal student aid refunds are stolen from the student. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat against schools during periods when federal student aid funds are disseminated in large volumes.
Mitchell Hamline advises students to always be careful when entering personally identifiable information on web forms. Be vigilant and skeptical when receiving emails with links asking for information. Watch for sender email addresses that don’t match the sender’s supposed identity, and scrutinize URLs closely. More information on recognizing and preventing phishing attempts can be found on the US Federal Trade Commission website at https://www.consumer.ftc.gov/articles/0003-phishing.
Mitchell Hamline Information Technology