Newcastle University has been forced to issue a phishing alert after spotting a highly professional looking but fraudulent site trading on its name.
In a tweet yesterday, the Russell Group university claimed the scam site is using its brand and accepting credit card payments to secure fake courses.
It added:
“The website ‘newcastle international university’ is in no way associated with the University and we are advising anyone who finds the website not to submit any personal details. All students should use our official website http://www.ncl.ac.uk.”
The site, seen by Infosecurity Magazine, is well-designed and highly convincing, and could end up tricking prospective students not only into handing over their credit card details to secure a place, but other sensitive personal information including passport details.
Phishing is an increasing problem among the UK’s universities, both in terms of their brand being used by scammers and staff and students being targeted.
An FOI request from Duo Security in April revealed that nearly three-quarters (70%) had fallen victim to phishing attacks over the previous 12 months.
Azeem Aleem, director of the advanced cyber defence practice EMEA at RSA, argued that the Newcastle University scam is directed at foreign students who may not be able to spot the difference between it and the official site.
“Newcastle University’s response has been admirable, quickly identifying and warning prospects about the site,” he continued. “Yet it is often very hard for a company or organization to know if their site has been spoofed until someone has already become a victim. This is why the public need to have greater awareness of the issue of spoofing and take care to protect themselves online.”
Aleem urged users to avoid clicking on website links in unsolicited emails, to check the URLs of any site they visit and to check the address bar to ensure the site they’re visiting is secure. He added that before sharing personal or financial details online, they should phone and speak to someone.