The Federal Bureau of Investigation (FBI) has released a new public service announcement warning against fraudulent websites, emails, texts or phone scams aiming to defraud individuals seeking federal student loan forgiveness.
According to the document, scammers are attempting to solicit personally identifiable information (PII), financial information or payment from potential victims.
The warning comes amidst the backdrop of the recently released Student Loan Debt Relief Plan, which will provide targeted student debt cancellation to borrowers with incomes below $125,000 (or joint filers with incomes below $250,000) with loans held by the US Department of Education.
The loan forgiveness will deliver up to $20,000 of debt cancellation for Pell Grant recipients and up to $10,000 for other borrowers.
“When significant and newsworthy events occur, in this case, the student loan forgiveness, certain kinds of opportunists almost always show up to build scams to capitalize on the attention,” Sean McNee, CTO of DomainTools, told Infosecurity.
“A lot of these scams will involve phishing, and one of the key ways to avoid getting caught by a phishing attack is to be aware of look-alike domains and websites.”
Case in point, the FBI has now declared that cyber-criminals may attempt to offer entrance into the federal student loan forgiveness program and then use their schemes to receive payment for services they will not provide or collect victim information they can use to facilitate a variety of other crimes.
“Threat actors are good at creating domain names that can fool a lot of users by looking very similar to legitimate domains. It’s important to keep vigilant about phishing and its 'cousins' (such as smishing – phishing over SMS),” McNee added.
According to the executive, while ransomware makes news, the losses from phishing are still considerably higher.
“Ultimately, since this specifically affects people’s financial information, including their Social Security number and other personally identifiable details, these kinds of phishing attacks can be devastating.”
To help potential victims protect themselves from these hacking attempts, the FBI has released several tips, which are available in the original text of the announcement.
Its publication comes months after the Bureau and Australian Federal Police jointly claimed to have found two websites containing over 300,000 unique sets of credentials obtained via credential stuffing.