As the back-to-school season approaches, Kaspersky's cybersecurity experts have detected a significant surge in fraudulent activities. Every year, cybercriminals exploit the busy period of academic preparations and purchases, launching sophisticated phishing campaigns. However, Kaspersky experts warn that this year, the campaigns have become more targeted, specifically aiming to steal personal data from students, educators, and administrators in the educational sector.
Fraudsters are increasingly leveraging data collection forms on
platforms like SurveyHeart.com, a questionnaire like Google Forms, to carry out
scams. Kaspersky experts have identified phishing attacks that use these fake
questionnaires to target students at Neumann University in the U.S.
In one such scheme, victims receive a notification claiming they are using two
different Microsoft school emails across various university portals. To prevent
their Office 365 account from being deactivated, they are asked to complete a
survey requiring sensitive details such as their name, phone number, university
email, and account password.
"These scams go beyond immediate data theft and could lead to more
serious, long-term consequences," cautions Olga Svistunova, a security
expert at Kaspersky. "If attackers gain access to private school
information, such as class schedules, it could be exploited for doxing,
stalking, cyberbullying, or even identity theft. It's essential for students to
be vigilant and cautious when responding to such suspicious
notifications."
An example of fake notification targeting students
Another scam uncovered by the team involves fraudsters creating fake
giveaways that promise students a chance to win various high-end gadgets useful
for education, from iPhones to iPads and laptops. To enter these enticing
contests, victims are asked to provide personal information and are instructed
to provide personal information and indicate their preferred laptop model.
Additionally, individuals are prompted to share a link to a prize-draw page
with 15 contacts via WhatsApp. While the prospect of winning a valuable item
like a laptop is the lure, there's a hidden catch: the so-called winners are
told they must pay for the delivery of their prizes. This demand for additional
payment is a clear red flag that the giveaway is a scam.
The offer may seem tempting, but the combination of an unusually generous prize
and the requirement to cover delivery costs is a telltale sign of fraudulent
activity.
An example of a back-to-school giveaway scam
To stay safe against education fraud, Kaspersky experts also recommend:
- Stay Skeptical: Exercise caution when encountering “too good to be true” offers, especially if they require payments or personal information upfront.
- Verify the Source: Thoroughly research any scholarships, giveaways, or offers that come your way. Look for official contact details and confirm legitimacy before taking any action.
- Secure Your Information: Avoid sharing sensitive data online unless you're absolutely certain about the legitimacy of the request.
- Use Trusted Sources: Stick to official school websites, recognized scholarship platforms, and reputable retailers when making payments or providing personal information.
- Enable Multi-Factor Authentication (MFA): Activate MFA wherever possible, adding an extra layer of security to your online accounts. Use a reliable Password manager that doesn’t just store your passwords but also generates one-time passwords for 2FA automatically.
- Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Premium.