The United States Department of Education(DOE) Office of Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud with student refunds and financial aid distributions.
Multiple institutions of higher education have reported attackers are using phishing emails to obtain access to student accounts via the institution’s student portal. The nature of the emails suggests the attackers have done some level of research and understand the schools’ communication methods and the attacks are successful because students providing the requested information without validating the email. Example of a phishing email provided by FSA.
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and this will emerge as a prominent threat against schools during periods when FSA funds are disseminated in large volumes.
JWU encourages all students to be vigilant and careful about using links and entering personally identifiable information into websites. If you have questions about the validity of an email or have responded to these types of fraudulent email messages, please notify the IT Service Desk at https://it.jwu.edu/. And, always reset your password immediately at https://prm.jwu.edu/QPM/User/Identification/.