Scam of the Week: University Students Targeted with HMRC Phishing Emails

October 4, 2018 6:48 am Geraldine Strawbridge HMRC student phishing scam

HM Revenue and Customs (HMRC) have warned students across the UK to be cautious after a rise in phishing emails designed to steal their money and personal details.

Fraudsters are targeting students with a range of different scams, including sending fake tax refunds from what appears to be an official university email address.

Using seemingly legitimate university email addresses such as ‘ ac.uk’, the crooks can evade detection and successfully trick the user into believing they are receiving authentic correspondence from the university.

The emails include the branding of HMRC, and the recipient’s name is mentioned several times throughout the email to add further weight to the fraudulent message.

If the student clicks on the link within the email, they are directed to a phishing website where they are instructed to enter their personal details alongside their banking information.

The fraudsters will then use the data to steal money from the victim’s bank account or they’ll sell the information on to other criminals.

Over 620,000 tax-related email scams were reported to HMRC last year, up 20,000 on the previous year.

Students, particularly freshers, are proving to be a very attractive target for these types of phishing scams due to the wealth of information they receive about university courses, log-in details, and events taking place across campus.

The crooks will methodically do their research and slip well-crafted phishing emails in amongst legitimate university correspondence in the hopes of tricking vulnerable students.

Some of the more common scams targeting students include:

  1. Student Loans Phishing Scam: Students will receive an email from the Student Loans Company (SLC) asking for their password and financial details to ensure that their student loans arrive on time. The emails will include the SLC branding and may appear to resemble official communications from the company. However, the SLC would never request this information in an email.
  2. Rental Fraud: According to Action Fraud, £22 million was lost to rental fraud between 1 April 2014 and 31 March 2018, with an average of £1,396 lost per victim. Students looking to rent a property are asked to pay a fee in advance for a property that doesn’t even exist.
  3. Money Laundering: Students will typically be coerced into letting someone use their bank account to move money from criminal accounts. As part of the deal, they will be allowed to keep some of the money for themselves. This can prove an attractive way for some cash strapped students to make some extra money, however, the penalties for money laundering are severe and could result in a lengthy prison sentence.
  4. Job Scams: Students with limited job experience are frequently targeted with fake recruitment posts. They will be asked to complete bogus application forms that request personal and financial details as well as supplying copies of identity documents such as a drivers licence or passport.

To deal with the onslaught of scams that are being used to target them, HMRC has provided some advice to students on how they can avoid being scammed:

  • Genuine organisations such as banks and HMRC will never contact you out of the blue to ask for your Pin, password or bank details.
  • Do not give out private information, reply to text messages, download attachments or click on links in emails you were not expecting.
  •  Forward suspect emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.
  • Check gov.uk for information on how to avoid and report scams and to recognise genuine HMRC contact.
  • Contact your bank immediately if you believe you have submitted card details to a scammer and report to Action Fraud if you suffer financial loss

MetaCompliance has created extensive Cyber Security awareness solutions, including content specifically focused on the education sector to address the unique threats faced by students. Our targeted training courses cover a broad range of topics including: Everyday Cyber Security threats, essential phishing awareness, student safety, the different scams used to target students, dangers of malicious software, emails essentials, securing mobile devices, laptop security, and how to stay safe on social networks.

To find out more about our extensive range of courses or to arrange a free demo, contact sales@metacompliance.com

Further Reading

How Universities can protect themselves from Cyber Attack