Monica Eaton-Cardone is the Co-Founder and COO of Chargebacks911. She has over 15 years of experience in eCommerce, payments and finance.
Online fraud is a perpetual point of discussion these days. That said, we often think about it in relation to topics like online shopping and credit cards. This can lead us to ignore other pressing threats in the digital space. For instance, we’ve seen a sharp uptick in reported fraud involving student financial aid.
Fraudsters see increasing opportunities in attacks focused on financial aid. Cybercrime specialists at the FBI noted one specific campaign that stole tens of thousands of dollars from students back in 2018. Since then, they’ve reported on multiple other campaigns targeting universities and student bodies all over the country.
Financial aid fraud was already a growing problem, and the issue was compounded by the onset of the Covid-19 pandemic.
Officials at the University of Kentucky warn that the Department of Education reports “an increased number of ransomware attacks targeting higher education institutions” in the wake of Covid-19. We’re seeing more reliance on technology, rather than in-person communication, as the virus drags on. Many students are unable to visit financial aid offices in person and are conducting more of their business online. This creates opportunities for bad actors to engage in fraudulent activity.
Spear Phishing For Students’ Financial Aid Dollars
So, how are these scammers operating? Generally speaking, those looking to commit fraud are specifically targeting students’ federal student aid login credentials by employing a tactic known as spear-phishing.
A typical phishing attack involves a fraudster who attempts to trick an individual into divulging their personal information. This could be done via a spoofed website or login portal, with the fraudster trying to cast a wide net and capture as much information as possible. With spear-phishing, the fraudster uses a precision-focused tactic to target a specific individual.
Fraudsters might send emails to individual students in which they impersonate officials from the students’ school or their financial aid provider. The criminal then convinces people to either hand over sensitive information or click a malicious link, thereby exposing them to fraud.
Spear-phishing tactics can give criminals access to sensitive and personally identifiable information, including financial information, without the student’s permission. They can then use that data in myriad ways, from opening lines of credit in students’ names to potentially stealing their financial aid.
This all happens because fraudsters operate opportunistically. Whenever large volumes of financial aid funds are disseminated, criminals will be there to try to siphon away the cash. They’re like sharks that smell blood in the water.
Set Clear Communication Expectations
There are a few things that schools can do to protect their students against spear-phishing attacks. For instance, they can employ two-factor authentication to gain access to student portals. This can involve providing multiple codes and passwords or even employing biometric technology such as a fingerprint. Using two-factor authentication can prevent bad actors from impersonating students and gaining access to their personal information.
Of course, no technology will ever be foolproof. Criminals are resourceful and are constantly looking for methods of refining their tactics to get around anti-fraud mechanisms. Thus, we need to devote considerable resources to educating students about the threat posed by these fraud attacks.
Although young people tend to be pretty tech savvy, they don’t often understand the ramifications of fraud or the threat it poses. If they see an email that looks like it came from their university, students may be inclined to trust it, even when they shouldn’t. Schools can address this by outlining in very clear terms:
• When students can expect emails.
• What they will ask of students.
• How they will ask it.
Educating Students On Fraud Prevention
The Internal Revenue Service puts a lot of effort into educating taxpayers on how to spot fraudsters posing as IRS officials. This is one of the most visible anti-fraud education campaigns in the U.S. I believe it could serve as a model for schools to follow on a smaller scale.
School officials should educate students about phishing attacks, including what they are and what risk they pose. They should encourage increased vigilance, especially during times when financial aid funds are dispersed, and make sure that students know how to identify red flags, such as grammatical errors or typos in supposedly official messages.
Students should also be warned about high-pressure, threatening or overpromising pitches that fraudsters employ to trick victims into acting fast. A criminal might impersonate a lender and threaten a student with legal action or other penalties unless they follow the fraudster’s instructions. Most young people won’t have experience navigating the financial aid process, so they may be tricked by those impersonating an imposing authority figure.
Students should always investigate every message before taking any action. This means avoiding unfamiliar links or email attachments and contacting the school’s financial aid department directly by phone if necessary.
As I said before, there’s no foolproof method for preventing fraud in all forms. But, with a little bit of education, we can help protect thousands of young people from becoming victims.