Phishing attempts against UK students seek to steal banking data

UK students are facing phishing attempts mimicking tax refund emails

HMRC received reports that numerous UK students have been receiving fake tax refund messages which seek to steal banking details.

Nowadays, when extortion spam and different scams keep tricking users worldwide, Her Majesty’s Revenue and Customs (HMRC), the department which is responsible for tax collection,^[1] has warned users about phishing attempts made against numerous UK university students. Hackers have been targeting educational institutions for two months now. During this attack, the target receives a rogue tax refund email which is set to take over sensitive information and expose financial details.

A list of universities and colleges which students might have become the victims of this illegitimate spam includes the following names:^[2]

• Newcastle;
• Sussex;
• Southampton;
• Cambridge;
• Bristol;
• Aberdeen;
• Imperial College London;
• Nottingham;
• and many others.

Hackers' tricks used to convince their victims explained

Fraudsters who are behind this phishing attempt are using specific tricks to convince users into opening the email message. First, these people are spreading emails “informing about tax refunds” and make them look official by adding the ac.uk/Gov.UK appendixes to the email addresses.^[3] Moreover, these emails include recognizable credit card numbers which could have confused the students.

The crooks have also been inserting a website link which is created to steal the personal data and expose banking details. If a student clicks on the given hyperlink address, hackers could easily take the money from bank accounts provided by victims.^[4]

The number of affected students has not been revealed

HMRC hasn't revealed the number of students who have become the victims of this hacking attempt. Furthermore, there also is no information about the stolen amount of money during the attempt, or if there were any thefts of this kind.

However, all targets should note that HRMC does not inform people about refunds via email or text messages. The organization gave the phishing@hmrc.gsi.gov.uk email address where people should write if they have received any suspicious-looking messages related to tax refunds.^[5]

Additionally, Mel Stride, financial secretary of the department, has announced about the importance of being aware of such scams:

Although HMRC is cracking down hard on internet scams, criminals will stop at nothing to steal personal information. I’d encourage all students to become phishing aware – it could save you a lot of money.

Stay safe online and avoid phishing attempts

If you want to keep your personal data safe and avoid hacks like this, you should learn some precautionary measures. First, if you ever receive an email message you have not been expecting to get, you should clarify it carefully. Check the sender's name, the written content, think whether it makes sense or includes grammar mistakes. Only when you are a 100% sure that the email is safe, you can consider opening it, otherwise, do not take such risk, if the information is truly important, it will reach you from somewhere else also.

Additionally, you should keep all your online accounts protected. This way you will be able to avoid data exposure and keep sensitive information safe. What you have to do is to choose only strong and long passwords (if you think you might forget it – write it down and keep it in a safe place). Furthermore, use two-factor authentication^[6] as this option might not let hackers to break through your account's security.