As students return to school, they’ll have to keep as close an eye on their inbox as they do on their GPA, as law enforcement has warned of a new wave of phishing scams targeting students in an attempt to steal their personal information.

The attack was highlighted by Action Fraud, the United Kingdom’s fraud and cybercrime reporting center, as well as by the City of London Police, who are advising new and returning students at universities to be aware of the email-based scams.

The phishing emails directed at university goers purport to be from the Student Loans Company, a government-owned non-profit that provides student loans to those attending school in England, Northern Ireland, Scotland and Wales.

The messages are relatively straightforward and not personalized, but deliver a message that may be enough to cause alarm for students and trick them into engaging with the email, especially during the busy first days of a new semester.

Emails in the phishing campaign are addressed to “Student” and include a message that claims the victim’s student loan account has been suspended due to inaccurate or incomplete information provided to the government organization.

In order to reactivate their account, the student is advised to update their information by clicking a link contained within the email. The message takes an additional step to provide a false sense of security by assuring the students the government organization would never ask them to click on an unsecure link to share information—though that is exactly what is being done.

If the student clicks the link, they are directed to what appears to be a login page for the Student Loans Company. However, when the victim enters their login information, they are actually handing over their credentials to the threat actors.

The phony login page prompts users for an email address, password, and secret answers to security questions. Surrendering any of that information would potentially allow the attacker to hijack the student’s actual account, which contains personal information including financial accounts and other information that could result in fraud or identity theft.

According to Action Fraud, the attack has been active for at least two weeks and has been part of a blanket campaign targeting new and current students, including those who have never applied for financial aid.

While it’s clear how receiving the email could cause a panic in the recipient and lead to them surrendering personal information, a close inspection of the email would reveal a number of telltale signs that it isn’t a legitimate message.

There are a number of typos and grammatical errors that one wouldn’t expect to see in an email from a government organization. The Student Loans Company has also issued a reminder to students that it never asks for personal or banking information over email.

"We want to remind students to stay vigilant with the details they provide online and to be mindful of the personal information about themselves they post online and on social media too," Paul Mason, Executive Director of Repayments and Counter Fraud at the Student Loans Company, said in a statement.