Students have been targeted by a phishing scam claiming to be from the University of Manchester’s bursary scheme. The scam asked for a significant amount of sensitive information from students, such as bank details and National Insurance numbers.
The link attached to the compromised email address, offering students an award of £1750, took students to “http://rodrigorcarvalho.com.br”, a compromised website, with the criminals attempting to obtaining National Insurance numbers and bank details as well as a wide variety of other private information.
University of Manchester students are not the only ones believed to be targeted by phishing scams, with similar ‘fake bursary’ emails attempting to con students out of their money and reveal sensitive information being reported at multiple universities across the country, including in Leicester and Cardiff.
The University has stated there that is no way of determining if this is the same scam, as the the emails were sent using a compromised account from another institution and the fake submission form was hosted on a compromised website. However, is clear that students are increasingly being targeted by such ‘fake bursary’ phishing schemes.
Alex Walter, a first-year American Studies student at the University of Manchester, was one of the students targeted by the scam. Alex, as well as other students, posted a warning about the scam on the popular Fallowfield Students Group (FSG). He explains: “most students would jump at the money, myself included. I thought it was best to post in FSG, as I knew some students would fall victim to it.”
Alex was quick to identify the email as being “dodgy”. However, some may have found it easy to overlook the details. The form which was sent from “a dodgy email”, tracing back to Keele University, asked students for their security code and National Insurance number. The possible consequences of falling for the scam include access to your bank accounts and identity theft.
Psychology student Izzy O’Rourke told The Mancunion, “although I was not targeted by this scam, I fell for one claiming to be from Amazon last year. Since it looked legitimate, I ended up giving them my credit card details.” She highlighted how students have to be continuously wary of increasingly sophisticated and realistic scams attempting to gain personal information.
Whilst this is undoubtedly a worrying attack, it has highlighted how quick-thinking students can use student social media groups to exchange information and keep others safe.
Although the University has said it is impossible to determine how many were targeted by the scam, the only reports IT services have so far received were from those who knew, or were suspicious the email was fraudulent. However, their main advice to students who receive a dubious email is:
- Is the sender of the email someone you know?
- Does the URL it contains look legitimate ? (Hover your mouse to check)
- Were you expecting an attachment?
- If you are suspicious contact the University or your school to find out if it is legitimate