Phishing student loans’ pages target students

University students in the UK that have taken out a loan with the Student Loans Company have lately been targeted by a phishing scam that presents to them a page that is supposedly a login page for “Student Finance”.

According to Sunbelt, users are asked to enter their Customer Reference Number and then to enter a large amount of personal information: name, date of birth, National insurance number, address, email address, password, bank sort code, bank account number, and more:

After having entered all this information (every field is marked with an asterisk, signaling that it must be filled in) and having pressed the Save button, the victim is redirected to the real Directgov student finances logout page.

If the victim had any doubt that the page was bogus, he is now reassured by the legitimate domain (slc.co.uk) in the address bar. On the other hand, I know I would be suspicious that I was redirected to a logout page after pressing a Save button. Even though it says on the page that “if you have not deliberately logged out then it is likely that you have been timed out by the system, which logs users out after 15 minutes of inactivity”, who takes 15 minutes to fill in a simple (if extensive) fill in form?

In any case, it pays to be extra careful when visiting sites that require login or personal information. In this case, a hint that something might be off san be found in the URL of the phishing page: audiotype(dot)com(dot)au/direct.gov.uk. Checking out the list of potential phishing sites at Phishtank, you can see that there were other domains purporting to be Directgov’s: