Beware of spear phishing

What happened?

The FBI is investigating widespread cybercriminal activity targeting college and university students via spear phishing. Spear phishing, in contrast to traditional phishing, involves highly targeted phishing emails sent to a specific group of individuals—in this case, students with federal student loans. In these more sophisticated phishing attacks, the bad actor will contact the student using information they’ve already collected about them in an attempt to earn their trust and steal their credentials. These campaigns frequently coincide with periods when large volumes of financial aid funds are disseminated.

What can you do to protect yourself?

If you are contacted by someone purporting to be from a loan provider, follow these steps to stay diligent against these spear phishing scams:

  • Use extreme caution when receiving emails with attachments and links. These links or attachments can be malware that will infect your computer. What looks like a legitimate hyperlink can be a link to a criminal website. When in doubt, hover your mouse over the text of the hyperlink; you should see the full URL, which will help to show whether it leads to a legitimate website.

  • Never send personal information over email if you are not 100% certain that the email is legitimate, or better yet, use the loan provider’s online information system or secure portal to provide anything personal about yourself or your finances.

  • If you are unsure about an email, contact the sender to confirm using a valid method that is known to you. Don’t use a phone number or email supplied in the suspicious email.

  • Note: FIT’s Financial Aid Services will never ask for your personal information via email, only your FIT ID number.

  • Lock down your personal information by enabling two-factor authentication on as many of your online financial accounts as possible.