Although no incidents have been reported, Stockton University students should be aware of a malicious phishing campaign that has hit some campuses throughout the country.
Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.
Multiple colleges and universities have reported phishing emails attempting to obtain access to student records and loans via student portals, according to FSA.
Because of the excellent job higher education institutions have done educating their employees, attackers are now targeting students.
“The cyber criminals are doing their research first and identifying campuses’ use of particular student portals,” according to Campus Guard Alert. They then use this information to target their phishing messages to students so that the request appears legitimate.
“Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker.”
Here is an example of a phishing email:
Federal Student Aid will continue to monitor this situation and will send out additional information to colleges and universities as appropriate. That information may include additional examples of the phishing emails and best practices about how to avoid falling victim to phishing attacks.