Criminals have set up a realistic looking website called Newcastle International University, complete with information about courses. The URL doesn't point to a UK educational domain (.ac.uk), but students unfamiliar with such details may be tricked into applying for non-existent courses.
The scam comes as student battle to secure a place on a degree course, so may be vulnerable to falling for such tactics by criminals.
The University has issued a formal warning to students, as the site is harvesting information such as passport numbers, as well as taking payments.
According to a tweet issued by the university, it said it had been “made aware of an unofficial website” fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses.
“The website ‘Newcastle international university' is in no way associated with the University and we are advising anyone who finds the website not to submit and personal details,” said the tweet.
Thomas Fischer, threat researcher and security advocate at Digital Guardian, told SC Media UK that fraud alerting is no easy feat.
“Companies need to make concerted efforts to monitor their online presence to ensure that attackers are not attempting to impersonate their brand to get sensitive customer data directly from the customer,” he said.
“They also need to ask customers or users to remain vigilant and proactively report any suspicious activity associated with the brand. In addition to the phishing emails seen by Newcastle Uni students, this extends to fake websites and fake promotional text messages. When it comes to fraud, transparency is key in building a trusted relationship between company and user.”
Azeem Aleem, director - Advanced Cyber Defence Practice EMEA at RSA, told SC Media UK that this was an effective scam.
“They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks,” he said. “Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn't want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site.”
“Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim.”