The Department of Education is warning schools about phishing attacks aimed at students’ financial aid after reports of such incidents at several colleges.
A spokesperson for the department said in a statement on Saturday that multiple schools have reported malicious hackers gaining access to student financial aid in phishing attacks. The attacks, the department said, are getting through student emails via their institution’s password-protected website.
The story was originally reported in the Washington Post and confirmed to the Hill.
According to the department, student electronic deposits are vulnerable. Those deposits are made up of leftover financial aid that is distributed to students after covering tuition and room and board expenses.
The Post reported that the content of the attackers’ emails suggest that the hacker can mimic a school’s communications successfully, prompting students to turn over the information requested by the malicious email.
“The Department thought it was prudent to notify institutions about this scheme via an electronic announcement to schools and by posting this alert on the Information for Financial Aid Professionals website,” a spokesman said in a statement.
Schools are also being warned that they may be responsible for any funds mistakenly transferred to hackers, the warning continues, according to The Post, “Any funds disbursed inappropriately may become the responsibility of the institution.”
The agency declined to identify which schools had been targeted by hackers thus far, warning only that phishing emails were targeting student email accounts to gain access to electronic deposits and alter the destination of federal aid money.
The Hill has reached out for further comment on the reported phishing attacks.
Schools without two-factor identification for email accounts were particularly vulnerable, the report noted, as it was easier for hackers to gain access to email systems. Student aid systems are often linked to the same account college students use for their school email.
One email from a hacker was made to look like a legitimate request for a student to enter their username and password in order to pay a bill, including instructions on how to do so using the school’s student portal, The Post reports.
The College Board estimates that as many as two-thirds of college students in the U.S. receive some form of financial aid, though not all students receiving aid do so through the federal government.