British students are being warned to be vigilant about a rise in smishing scams. The body that provides undergraduate funding, The Student Loans Company, has issued fresh guidance regarding fraudulent SMS messages.
What is happening?
In this scam, cyber criminals send SMS text messages pretending to be from the Student Loans Company (SLC). Recipients are warned that there may be a problem with their loan and that they must act quickly to ensure they are paid on time.
If the victim clicks on the link embedded in the message, they are redirected to an official-looking website. They will then be asked to log into the site with their SLC credentials and to update the bank account details associated with their loan payments.
Once they have captured this information, hackers can break into their victim’s bank account. They may also be able to divert incoming SLC loan payments to an account controlled by the hackers. Without that money, students may be unable to afford accommodation, food or tuition.
Smishing scams appear to be convincing and effective. The SLC reports that criminals attempted to steal more than £2.9 million last year using SMS fraud.
How can students protect themselves against smishing loan fraud?
The key to avoiding smishing scams is to be aware. The SLC never sends account confirmation requests via email, SMS, WhatsApp or social media channel. If you receive a text claiming to be from the SLC along with a link requesting additional information, you can safely delete and ignore it.
The SLC may email to advise of issues – but they will always ask students to log into their online accounts directly. They never include links in their messages. In this way, students are much less likely to click through to a fake website.
These techniques apply everywhere
Smishing attacks are not confined to students – anyone with a smartphone is a potential target for SMS fraud. But the same basic principles apply. Banks do send SMS alerts to their customers – but they do not include links. Instead, customers are expected to visit their bank’s website and log into their account directly to find out more information. If you receive a text message containing links, be careful – it is quite likely to be a scam.
To learn more about smishing and how to protect yourself, please take a look at our article Cyber criminals target Apple users with smishing attacks.