As the international back-to-school season starts, Kaspersky's cybersecurity experts have detected a significant surge in fraudulent activities. Cybercriminals exploit academic topics, launching sophisticated phishing campaigns. However, Kaspersky experts warn that this year, the campaigns have become more targeted, specifically aiming to steal personal data from students, educators, and administrators in the educational sector.
As the international back-to-school season starts, Kaspersky's cybersecurity experts have detected a significant surge in fraudulent activities. Cybercriminals exploit academic topics, launching sophisticated phishing campaigns. However, Kaspersky experts warn that this year, the campaigns have become more targeted, specifically aiming to steal personal data from students, educators, and administrators in the educational sector.
Fraudsters are increasingly leveraging data collection forms on platforms like SurveyHeart.com, a questionnaire like Google Forms, to carry out scams.
In one such scheme - a phishing attack that targets students at Neumann University in the U.S. - victims receive a notification claiming they are using two different Microsoft school emails across various university portals. To prevent their Office 365 account from being deactivated, they are asked to complete a survey requiring sensitive details such as their name, phone number, university email, and account password.
An example of fake notification targeting students
Another scam uncovered by Kaspersky experts involves fraudsters creating fake giveaways that promise students a chance to win various high-end gadgets useful for education, from iPhones to iPads and laptops. To enter these enticing contests, victims are asked to provide personal information and indicate their preferred laptop model. Additionally, individuals are prompted to share a link to a prize-draw page with 15 contacts via WhatsApp. While the prospect of winning a valuable item like a laptop is the lure, there's a hidden catch: the so-called winners are told they must pay for the delivery of their prizes. This demand for additional payment is a clear red flag that the giveaway is a scam.
The offer may seem tempting, but the combination of an unusually generous prize and the requirement to cover delivery costs is a telltale sign of fraudulent activity.
"These scams go beyond immediate data theft and could lead to more serious, long-term consequences," cautions Olga Svistunova, a security expert at Kaspersky. "If attackers gain access to private school information, such as class schedules, it could be exploited for doxing, stalking, cyberbullying, or even identity theft. It's essential for students to be vigilant and cautious when responding to such suspicious notifications."
To stay safe against education fraud, Kaspersky experts also recommend:
- Stay skeptical: Exercise caution when encountering “too good to be true” offers, especially if they require payments or personal information upfront.
- Verify the source: Thoroughly research any scholarships, giveaways, or offers that come your way. Look for official contact details and confirm legitimacy before taking any action.
- Secure your information: Avoid sharing sensitive data online unless you're absolutely certain about the legitimacy of the request.
- Use trusted sources: Stick to official school websites, recognised scholarship platforms, and reputable retailers when making payments or providing personal information.
- Enable Multi-Factor Authentication (MFA): Activate MFA wherever possible, adding an extra layer of security to your online accounts. Use a reliable Password manager that doesn’t just store your passwords but also generates one-time passwords for 2FA automatically.
- Use a reliable security solution for comprehensive protection from a wide range of threats, such as award-winning Kaspersky Premium.