Cyber-criminals run back-to-school scams by impersonating trusted educational institutions in their phishing attacks. These hackers aim to steal either students’ intellectual property or their financial and personal information.
Whether you are a high school student ready to make the most of the coming school year, a college aspirant preparing for the fall semester, or a student’s parent, you must be mindful of the trending back-to-school scams developed by phishers, spammers, and scammers.
The US-based Better Business Bureau (BBB) recently warned back-to-school shoppers with regard to potentially fraudulent tech items that are being sold online. The BBB urges parents and students to ensure that they are doing due diligence when purchasing something secondhand online.
What Are the Techniques Behind Back-to-School Scams?
Back-to-school scams are quite similar to threats we have seen year-round. For example, in 2018, the Federal Trade Commission (FTC) of the US reported some top frauds that included imposter scams, tax frauds, and debt collection scams. These scams cost U.S. consumers over $1.48 billion. Back-to-school scams are just different twists on these previous scams. Reportedly, they use almost the same techniques to attack graduates, students, and their parents.
What Are the Types of Back-to-School Scams?
According to the TESSIAN research, 40% of the top 20 US universities aren’t using DMARC (Domain-based Message Authentication, Reporting & Conformance) records and policies. DMARC records and policies are necessary to prevent scammers from impersonating a university’s email domain in phishing attacks.
Lack of DMARC records and security measures can lead to several types of back-to-school scams. The following sections will delve into the details.
Phony Tuition Fees
Scammers request phony tuition fees from students and parents even when students are not attending school because of the Covid-19 pandemic. Many students don’t bother to verify the request and fall prey to phishing attacks. Many schools and universities reported a spike in tuition fee scams targeting college and university students.
Fraudsters often ask parents for their child’s identity information when applying for common back-to-school activities such as joining an after-school class or a sports league. Scammers also prefer attacking children who are under the age of eight. A child’s identity can be more valuable to hackers because the child’s social security number has never been used before, so the child has a clean credit report that is rarely checked.
Scholarship scams target hundreds and even thousands of parents and students every year. According to many sources, scammers collect millions of dollars on an annual basis through scholarship scams. They imitate legitimate government agencies, education lenders, and grant-giving foundations using official-sounding names incorporating words like “Administration,” “Foundation,” “Federal,” and “National.”
Financial Aid Scams
Some organizations claim that they can make you eligible to receive financial aid, including work-study programs, loans, and grants. In exchange for processing fees, these organizations say that they will deal with all the paperwork for the so-called program. In fact, they are filling out the Free Application for Federal Student Aid (FAFSA), which is a free form that determines your eligibility for federal aid.
More often, fraudsters employ bogus information regarding your family’s assets and income to make you qualify for more financial aid than you would get if they told the real story. You should not share the username and password that you will use to apply for the FAFSA. Bad guys can use this information to get into your account and compromise your sensitive data.
How Can I Prevent Back-to-School Scams?
Universities are welcoming students back after a long period of remote work and are inundating students’ inboxes with updates between now and then. Educational institutions must therefore establish robust cybersecurity measures to protect their students and staff in the face of back-to-school scams.
- When you buy something online, beware of the scammers’ Tactics, Techniques, and Procedures (TTPs). Fraudsters may use logos and hallmarks of trusted brands in order to fool the victim. To avoid this nightmare, BBB recommends students stick to retailers and steer clear of places like Craigslist and Kijiji.
- According to TESSIAN Research, email authentication records like DMARC are necessary to prevent scammers from directly impersonating your university’s email domain. To check that an email is legitimate, hover over the sender to confirm that the domain matches the university’s.
- The email security policy should be strong enough to identify sophisticated spear-phishing attacks.
- Always deploy Multi-Factor Authentication (MFA) to prevent unauthorized individuals from accessing your corporate systems. MFA involves two or more factors to grant access to systems and other resources.
- Education regarding back-to-school scams should be a part of the institution’s security awareness program.
- Students and staff must immediately report security incidents to IT departments or executives. This security measure helps incident responders or the Computer Security and Incident Response Team (CSIRT) apply remediation quickly.
- Students and parents must not share their direct deposit details or critical information such as social security numbers or credit card details with anyone.
- Students and parents should also not click on unusual or suspicious links and malicious attachments.
- If your university is requesting something urgent such as Personally Identifiable Information (PII), you need to verify this request directly, either via email or a direct phone call, with the IT department of your university.
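
The DMARC recommendation in the list above can be checked mechanically by an institution's IT team. The following Python code is an added example, not part of the original article or of the Tessian research: it grades the TXT records published at `_dmarc.<domain>` by the policy they ask receivers to apply. The `example.edu` domains, the sample records, and the grade labels are constructed for illustration, and the records are supplied inline rather than fetched over DNS.

```python
# Added example: grade DMARC TXT records by the spoofing protection they give.
# Records and example.edu domains are constructed samples, not real lookups.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return None
        pairs.append((key.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def assess(txt_records):
    """Grade the TXT strings published at _dmarc.<domain> (list may be empty)."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return "unprotected"  # none, or several: receivers apply no DMARC policy
    policy = records[0].get("p", "").lower()
    try:
        pct = int(records[0].get("pct", "100"))
    except ValueError:
        pct = 100  # an unreadable pct falls back to the default of 100
    if policy == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    if policy in ("quarantine", "reject"):
        return "enforced" if pct >= 100 else "partially-enforced"
    return "unprotected"  # simplification: missing or invalid p counts as no policy

SAMPLES = {  # constructed sample data
    "enforced.example.edu": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example.edu"],
    "monitor.example.edu": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example.edu"],
    "partial.example.edu": ["v=DMARC1; p=quarantine; pct=25"],
    "missing.example.edu": [],
    "wrong.example.edu": ["v=spf1 -all"],  # an SPF record is not a DMARC record
}

def audit(samples):
    return {domain: assess(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, grade in audit(SAMPLES).items():
        print(f"{domain:24} {grade}")
```

Only the `enforced` grade tells receiving mail servers to reject or quarantine every message that fails authentication for the domain; a `p=none` record collects reports but leaves direct impersonation of the domain deliverable.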