Active Phishing Campaign Targeting Student Email Accounts
Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.
What is happening: Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email to obtain access to student accounts via the IHE student portal (see example phishing email below). The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information and the use of just one factor for authentication.
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, federal student aid refunds intended for the student are sent to the attacker.
To protect yourself, please ensure any email regarding a billing statement or student refund is coming from an @sju.edu email address or from TMS, Tuition Management Systems (@afford.com). Please do not provide your SJU login credentials to anyone. Please be careful with any links you click on in any email.
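The sender check recommended above can also be enforced at a mail gateway. The following is an added example, not part of the FSA or SJU notice: it exact-matches the From domain against the two domains named above and additionally requires a DMARC pass, because the From header alone can be forged. It assumes the receiving mail server writes a trustworthy Authentication-Results header; the sample messages and hostnames are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the notice names as legitimate for billing/refund mail.
TRUSTED_DOMAINS = {"sju.edu", "afford.com"}

def from_domain(msg):
    """Return the lowercased domain of the From address, or None if malformed."""
    _, addr = parseaddr(msg.get("From", ""))
    if addr.count("@") != 1:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def dmarc_passed(msg, domain):
    """True if an Authentication-Results header reports dmarc=pass for domain."""
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)[^;]*\bheader\.from=([\w.-]+)", value, re.I)
        if m and m.group(1).lower() == "pass" and m.group(2).lower() == domain:
            return True
    return False

def classify(raw):
    """Exact-match the From domain, then require DMARC pass (From alone is forgeable)."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    if domain not in TRUSTED_DOMAINS:
        return "untrusted-sender"   # includes lookalikes such as sju.edu.<other domain>
    if not dmarc_passed(msg, domain):
        return "unauthenticated"    # trusted domain in From, but not verified
    return "ok"

# Constructed sample messages (hostnames and addresses are placeholders).
LEGIT = ("From: SJU Student Accounts <billing@sju.edu>\n"
         "Authentication-Results: mx.example.test; dmarc=pass header.from=sju.edu\n"
         "Subject: Billing statement\n\nbody\n")
LOOKALIKE = ('From: "SJU Financial Aid" <refunds@sju.edu.refund-portal.example>\n'
             "Authentication-Results: mx.example.test; dmarc=pass "
             "header.from=sju.edu.refund-portal.example\n"
             "Subject: Student refund\n\nbody\n")
SPOOFED = ("From: billing@sju.edu\n"
           "Authentication-Results: mx.example.test; dmarc=fail header.from=sju.edu\n"
           "Subject: Student refund\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("LOOKALIKE", LOOKALIKE), ("SPOOFED", SPOOFED)):
        print(name, classify(raw))
```

The lookalike message passes DMARC for its own domain and is still rejected, which is why the domain comparison must be an exact match rather than a substring or prefix test.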
Example phishing email:
Students can purchase their books for Fall 2018 with their approved financial aid at the Bookstore now!
Students who have excess Financial Aid on their tuition account and would like to use those funds to purchase books and supplies, can go directly to the SJU bookstore or sju.bncollege.com to make the purchase with their Student ID until the end of the add/drop period for each semester. The funds used to purchase books or supplies will be deducted from your tuition account.