On September 14 students at Brunel were hit by a phishing scam, as emails received claiming to be from Student Finance England asked students to update their accounts by providing personal details.
The email, sent by various "users" with the email domain simmons.edu, redirected students to a website called ‘Fazindars’, hidden as it pretended to be a Direct.gov page. On this site the potential victims were then required to fill in details such as their names, student IDs, and passwords to their Student Finance accounts.
The aim of the phishing scam was to gain access to Student Finance accounts and change the bank details so that student loans would go straight into the scammers' bank account, leaving students without a student loan payment.
It is uncertain how many people have been affected by the scam, but the email featuring the Student Finance logo, is considered to be believable. The brief statement within it claims ‘We have noticed that your account has not completed the required update necessary for future payments by directgov.’
With Student Finance being notorious amongst students for difficulties surrounding late payment, the claim within the email that updating details is necessary ‘to ensure that your payment is not delayed’, is a believable one. By playing on a very real concern for students entering a new year at university, this phishing email made use of real world economic demands to pressure its targets into giving over vital information.
Brunel University has around 15,000 students who attend every year to study a variety of courses, and whilst a proportion of these students are international and therefore will not receive funding from Student Finance England, of those who do it seems almost all students have received the email. Most worryingly many have received it in their university inbox, the address of which has often not been provided to Student Finance.
There are clues within the email and the page linked to it that it is a scam, as first noticed at Brunel by Le Nurb journalists, who made the true nature of the emails known to the University and Union.
The email was formatted unusually for an official communication, signed off as ‘The SLC Direct.gov’, where Student Finance England most often signs off their communique simply as ‘Student Finance’. Furthermore, the awkward construction of the email sign posts its fraudulent nature, with unusual phrasing such as the inherent redundancy within ‘submitting your details we have on record via the link below.’
The scam targeted people in a vulnerable position, with an awareness of their personal situation, and although we are yet to know the full extent this has affected people it has come as a surprise and a worry to many. One student said ‘The email was very convincing- it came as a shock especially so close to first loan of the term. Luckily I was alerted by student media and the Union before I gave up my details’. The Union has released this advice within their press statement, ‘If you have already provided your bank details to this email, please change your Student Finance details and contact your bank immediately.’ If you need to seek further help or advice with the phishing scam please contact the Student Centre located in the Bannerman Centre or the Union's Advice and Representation Centre (ARC).
Were you a victim of the phishing scam? Share your story with Le Nurb.