More Schools Target Fake Student Addresses

A fake email could rob some college students of federal money. 

The U.S. Department of Education’s financial aid office has reported a “malicious phishing campaign” using a phony message to gain access to students’ accounts at several colleges.

It does not identify any of the schools affected.

The phony message targets students who are due a refund of financial-aid money. When a student is eligible for more aid than the cost of tuition and housing, colleges and universities typically send the extra amount to students electronically, using the institutions’ online student portals. A student set to receive $15,000 in aid, for example, who only had to pay $12,000 for tuition and housing, could get $3,000.

An example of one of the scam messages invites students to confirm some information on their school accounts. Then, the education department says, the attackers change the direct-deposit information so the refund would be sent to their account instead. 

Recommended for you

Recommended for you

Recommended for you

Most read

  1. 1 James Brown’s daughter, Venisha Brown, dies at 53
  2. 2 BREAKING: Clayton jury awards boy $30 million for botched circumcision
  3. 3 4 taken to hospital after toxic chemical leaks from truck in Cherokee

The scheme has worked, the department warns, because students have provided the information the email requested. “The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods,” it said in a press release.

“Federal Student Aid believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat … during periods when FSA funds are disseminated in large volumes,” it said.

The department encouraged colleges and universities to switch from single-factor authentication on the student portals, the setup where only one piece of verifying information, a password, is needed to access an account.

It wants schools to use “two-facator or multi-factor authentification processes” that “rely on a combination of factors, for example, user name and password combined with a PIN or security questions or access through a secure, designated device.”

The release also says funds issued “inappropriately may become the responsibility of the institution.”  

Source :

Cyber attacks target some student financial aid
As Police See More Fake Threats, FBI Urges Students To #ThinkBeforeYouPost
L.A. charter school aims to toss out students with fake addresses
The Kavanaugh controversy meets fake news. Real fake news.
School officials set out to find kids enrolled under fake addresses. Here’s what happened.
Minnesota’s new school accountability system: How is it different — and how is it being received?
Law Enforcement Grapples with School Threats, China Targets U.S. Natural Gas, Texas Guard Charged in Death of Inmate, And More
US schools hiring private companies to spy on students’ social media
School district targeting chronic absentee rating
Oak Park District 97 sets attendance goals to target chronic absenteeism