In this series of lessons, we have discussed some of the scams that cybercriminals use in order to scam students. In this lesson, we will look at a scam that student’s face almost daily – phishing scams.
So how prevalent are phishing scams? Statistics indicate that the average student is subject to a phishing style attack at least seventeen times per month, which is more than one phishing attack per every two days. According to 2018’s BBB’s ScamTracker Risk Report, 41.6% of students reported a loss when exposed to a scam as compared to 28.3% of non-students. Students, in general, are new at managing their own finances; they are always looking for ways to save money. Scammers know this and will take advantage.
Most common types of phishing scams perpetrated on students
Fake Credit Card Scams
According to the Credit Card Accountability, Responsibility, and Disclosure (CARD) Act of 2009, banks and other financial institutions are prohibited from soliciting credit cards on University campuses. However, that does not prevent them from seeking out students online. One of the main challenges is that along with all of the legitimate offers students receive; there are a number of emails that are scams and are designed to gain access to a student’s personal information and potentially steal their identity.
Scholarship and Grant Scams
Receiving emails from organizations offering grants or scholarships to reduce student loan payments are very tempting for students to click on. But do your homework first. Scholarship and grant scams are a frequent type of phishing attack used by cybercriminals to trap students into giving out their vital data, including banking information.
According to the Better Business Bureau, in 2018, employment scams were the #1 culprit for phishing scams attacking 18-25-year-olds. Job offerings can be sent directly to school emails, promising flexible hours, and a beyond expected pay. In this scam, students are asked to go to fill out their profile online, providing all critical data, including their social security number. The goal of this scam is to steal the identity of the student.
Threats or blackmail Scams
Students are quite susceptible to blackmail or threats by email. Although by University, most students are pretty computer savvy, the possibility of being scammed by a threatening email does exist.
Threats or blackmail scams can be classified into two different categories – from people you know and from people you do not know.
Threats from people you know
Statistically, students are more likely to be blackmailed by persons they know than by strangers. However, knowing someone does not necessarily mean that they have met them in person but rather online.
In this scam, the scammer will use social engineering techniques such as telling the victim they are beautiful or sexy in order to manipulate the person into sending compromising pictures/videos of themselves to the scammer. Once the scammer receives the information, they threaten to release them unless the student pays money or sends them more compromising images.
Threats from people you do not know
This type of scam occurs when you receive an email from a complete stranger requesting that you pay them or else they will reveal embarrassing information about you, or release compromising photos/videos of you. In reality, very few people actually fall for this, however, because it costs nothing to send out millions of emails any money they get is a financial gain.
Best practices to prevent Phishing Scams on students
- If the offer seems too good to be true, then it probably is.
- Do not use any telephone numbers provided in emails. Always whenever possible use another source to find phone numbers.
- Contact school officials to ask if they are aware of the specific email.
- Change your password often – do not use the same password for all of your accounts.
- Update all security patches.
- Be wary of social engineering techniques
- Install an antivirus solution: An antivirus solution like Adaware will help eliminate the vast majority of these type of emails before they enter your inbox.
- Install an antimalware solution: Even though you should always be cautious about clicking on hyperlinks in emails, sometimes we do it inadvertently or click out of curiosity. An antimalware solution like Web Companion use blacklist technologies that are designed to warn users in advance that the page they are about to land on could be dangerous.
- Monitor For Identity Theft:
- Review bank statement for any unusual activity. Notify your financial institution that your banking data may have been compromised.
- Notify your credit card company and monitor ongoing statements.
- Notify the credit reporting agency in your area.
- Look for any unusual emails that you may receive from foreign companies asking for payment or asking you to confirm that you signed up to them.