Student Loan Officials Warn of New Phishing Scam


A new phishing scam is targeting students entitled to financial aid refunds, the Department of Education warned in a statement.

Multiple colleges and universities have reported to the department that students have received emails seeking the information needed to access student portals. Attackers who gain access change the direct deposit information so that financial aid refunds are sent to the attackers' accounts.

Fraudulent emails target student sites

Students targeted by the phishing scam receive an email sent through password-protected student websites. The email appears to come from their college or university, the department said in the statement, dated Aug. 31 but not widely reported until the Washington Post published coverage of it Saturday. The Post said the authorities it spoke with had declined to identify which schools reported the attacks.

A sample email provided by Federal Student Aid, an office of the Department of Education, asks students to confirm their updated 2018 bill to avoid late fees. The nature of the emails suggests attackers have researched the targeted academic institutions to understand their communication practices, the statement said.

Redacted sample phishing email posted by the Department of Education (Source: Federal Student Aid)

When students fall victim to the scam, attackers can use the information the students provided to redirect financial aid refunds to the attackers' accounts by changing direct deposit information. Many students are entitled to financial aid refunds if they receive loans in larger amounts than necessary to cover tuition, room, and board. The school refunds this excess aid to students so they can use it to pay living expenses.

The Department of Education has warned that federal aid funds distributed inappropriately may become the responsibility of the institution that disbursed the funds.

Student aid portals at colleges and universities are vulnerable to this type of phishing scam because not enough of them use two-factor or multifactor authentication to verify that login attempts are legitimate. The Department of Education has urged higher education institutions to impose more stringent security measures, such as requiring students to answer security questions or to provide a PIN in addition to a username and password.

The department is also urging institutions subject to the attack to consider freezing refund requests or blocking changes to direct deposit information. Taking precautions is essential: evidence suggests attackers are refining their scheme and may target more institutions while financial aid refunds are distributed in large volumes as the school year gets underway.

Students should also protect their account security by refraining from clicking email links or providing personal identifying information in response to email requests. Instead of using links, always visit websites directly by typing the site’s address into your browser to avoid falling victim to this or any phishing scam.

Federal Student Aid said it would “continue to monitor this situation and will send out additional information as appropriate. That information may include additional examples of the phishing emails, training resources, and best practices about how to avoid falling victim to phishing attacks.”

Beware of other scams, too

The phishing attack on loan refunds is one of many scams aimed at student loan borrowers. These can range from the notorious “Obama student loan forgiveness” scam popular during the previous presidential administration to promises that your loan can be discharged if you’re disabled.

Watch out for red flags such as unnecessary fees or requests for excessive information. And if you do think you’ve fallen victim to a scam artist, follow these steps to protect yourself from further harm.