The United States Department of Education Federal Student Aid (FSA) office has identified a malicious phishing campaign that may lead to fraud involving student refunds and aid distributions.
Multiple institutions of higher education have reported attackers are using phishing emails to obtain access to student accounts via the institution’s student portal. The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information.
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now, and that it will emerge as a prominent threat against schools during periods when FSA funds are disseminated in large volumes.
DePaul encourages all students to be vigilant and careful about using links and entering personally identifiable information into websites. If you have questions about the validity of an email, you can send it to the Information Security team at firstname.lastname@example.org.