‘Back to college’ students warned about scammers

13 Sept 2021

As swathes of students start their journey through higher education, or return to universities and colleges where physical attendance has been on-and-off during the pandemic, the Student Loans Company (SLC) has issued warnings to the 1million+ young adults who are, this month, gaining access to over £2bn in funding for their courses.

If your children or grandchildren are amongst them, please forward this article to them.


Wherever and whenever large sums of money are moved you can be sure that scammers will be waiting with as many tricks as they can think of to part their targets from their money. This academic year is no different with warnings about phishing emails and money muling adverts on social media to the fore.

This story covers all the usual advice for UK citizens, but is unusual in that all the language and timelines are changed so that they work in an educational setting.

Fraudsters know that large sums of money are moved in September, January and April each year to match term dates.  Naturally, they are using reminders in their ‘Scams To Do List’  calendar and start bombarding student email and social media accounts as soon as the money hits their bank.   The SLC has a dedicated anti-Fraud team that claims to have stopped £850k of losses in the last 2 years, but they know that the problem is likely much bigger and need to help educate students on the tell-tale signs of a scam before it is too late.

An overview of the problem is neatly captured in the video below.

Tips for students: What to look out for

  • Be on guard for any emails, phone calls or SMS messages that feel odd, especially around the time you are expecting a payment and from people you have never heard from before.
  • Scam emails are often sent in bulk and are unlikely to contain both your first and last name; they commonly start, ‘Dear Student’ so be suspicious if you see one like this.
  • Check the quality of the communication – misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing.
  • Messages that say thing like: ‘Failure to respond in 24 hours will result in your account being closed’ are designed prompt a quick response and a hurried mistake.
  • Think before you click.  If you receive an email or SMS that contains a link that you’re not sure of then try hovering over to check that it goes where it’s supposed to.  If you are still in any doubt don’t risk it.  Go direct to the real source of the email (like Student Loan Company or Lloyds bank) with your own search rather than clicking on a potentially dangerous link.
  • Potential scammers can use a variety of methods to try get students to pay money or share their personal details, including the use of fraudulent phone calls, social posts and direct messaging on digital platforms.  If you are suspicious of being contacted, always use official phone numbers, your online account and official communication channels to verify the contact you received is genuine.

Don’t overshare online – it is a fraud risk more than an embarrassment risk

Students should be careful with the information that they share about themselves on social media, and elsewhere online, to help guard against the surge in identity theft.  When a scammer has enough information about a person’s identity (such as their name, date of birth, customer reference number or course information) to impersonate them, online or over the phone, they can cause untold damage.  One example is where the scammer uses data to access an online bank account and change the password so they can divert the cash to themselves.  This is a risk that didn’t affect parents when they were studying.

Money Muling scams haven’t gone away

IPS wrote about the growth in Money Muling back in January,  New advice on this topic comes from research conducted by Information Security specialists Mimecast who have been tracking a new scam that targets students getting used to their new university provided email address.

The scammers first compromise the student email address with phishing emails that open up access to the student’s address book of fellow students and academics.  They use those email addresses to email hard-up students with fake jobs offering quick cash for basic administrative tasks, or allowing their accounts to be used to move money around for an easy commission.  Invariably the emails contain short URL links to Google Forms that hoover up personal details for later scamming opportunities.

Colleges and universities provide the perfect breeding ground for scams like this: large sums of money in student accounts and cash-starved university IT departments.  These IT teams are often small and dedicated to protecting the academic staff and the institutions rather than protecting student email accounts.  It has not been an area of focus for them trying to offer good degrees, good outcomes and climb performance tables.  You can read more here.

IPS Summary

  • Share this article with students you know
  • Help them become cynical of strangers asking for personal data
  • Remind them of the pain and anguish that would follow if their accounts were raided or they became known to criminal scammers by accepting payment from them (however innocently it might have started).
  • Any ‘too good to be true’ emails or social posts should be at the top of their worry list and they shouldn’t respond instantly, even though that is now an ingrained behaviour for many of them.
  • Scams are being targeted at students.  Scams could ruin their college years.  Help them avoid being scammed.

Have your say

As an IPS member, you can leave us your thoughts, comments and experiences in the commments section below

Leave a Reply

You must be logged in to post a comment.