Education Department warns that students on financial aid are being targeted in phishing attacks



The U.S. Education Department is warning of fraudulent emails being sent to students’ financial aid accounts. (iStock)

September 15 at 2:03 PM

Malicious attackers have recently tried to gain access to students’ financial aid refunds at multiple colleges in a scheme that involves sending fraudulent emails to students, according to a warning issued by the Education Department.

The target is federal student aid refunds, money distributed to students after tuition and other education costs are paid.

The U.S. Education Department’s Office of Federal Student Aid received multiple reports from colleges and universities about the phishing campaign targeting student email accounts, a department spokesman said on background. Authorities declined to identify the schools that reported the attacks.

“The Department thought it was prudent to notify institutions about this scheme via an electronic announcement to schools and by posting this alert on the Information for Financial Aid Professionals website,” a department spokesman said.

The attacks begin with a phishing email sent through a college’s password-protected website for students, department officials wrote. It is an email intended to fraudulently extract personal information.

The nature of the emails suggests the attackers have done research to understand the school’s communication methods, and the attacks are successful because students provided the information that had been requested by the rogue operations, the department warned.

The money is what’s left over after students have used aid to cover tuition, room and board. A student, for example, might be eligible to receive $25,000 in federal student aid, which is transferred electronically from the Education Department to a university. If a student had $4,000 remaining, the university would typically transfer that balance to the student, offering several ways to receive the money, including a debit card or an electronic deposit to a bank account. It is those electronic deposits that are vulnerable.

Once the attackers gain access, they change the student’s direct-deposit destination to a bank account controlled by the attacker. Then the money intended for the student is sent to the attacker instead.

The agency believes the attackers are “practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat” against colleges and universities at times when Federal Student Aid funds are disbursed in large volumes.

Some schools are especially vulnerable, the agency warned, because they are not requiring two forms of identification to make their student portals more secure; often, students are using just one method to verify their identities, such as a username and password.

The agency strongly urged colleges and universities to strengthen security and use two-factor or multi-factor identification — for example, a username and password combined with a PIN or security questions, or access through a secure device.

The announcement included this message: “Any funds disbursed inappropriately may become the responsibility of the institution.”

It included a sample email from an attacker, with the subject line, “Updated billing statement issued,” and information urging students to pay their bill with instructions on how to do so through the student portal.

A spokeswoman for the National Association of Student Financial Aid Administrators said the organization didn’t have any comment because it did not have information beyond the warning from the Office of Federal Student Aid. A spokeswoman for the National Association for College Admission Counseling said the organization has notified its members.

Let’s block ads! (Why?)


Source link

What's Your Reaction?

Cry Cry
0
Cry
Cute Cute
0
Cute
Damn Damn
0
Damn
Dislike Dislike
0
Dislike
Like Like
0
Like
Lol Lol
0
Lol
Love Love
0
Love
Win Win
0
Win
WTF WTF
0
WTF

Comments 0

Your email address will not be published. Required fields are marked *

You may also like

More From: Education

DON'T MISS

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format