A scam targeting prospective Newcastle University students has been taking payments online by posing as a website belonging to the real university.
Newcastle University has issued a warning via Twitter confirming that the fraudulent site is not associated with the university in any way.
This may be another sign of cyber adversaries becoming more formidable, as the fake site has been reported as extremely realistic, with a number of individuals falling foul of the scam.
The name provided on the illegitimate site is “Newcastle International University”, a name not recognised in the United Kingdom. Due to the university guise, people have been tricked into providing extensive personal information.
Azeem Aleem, Director – Advanced Cyber Defence Practice EMEA at RSA: “Make no mistake, this is an effective scam. They’ve put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks.”
“Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn’t want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University’s official site.”
Cybersecurity awareness has been raised extensively due to high profile attacks such as the WannaCry ransomware; it is essential that large organisations such as universities can respond efficiently to allow the least damage to be caused.
“Newcastle University’s response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim. This is why the public need to have greater awareness of the issue of spoofing and take care to protect themselves online. Our advice would be: firstly, avoid clicking on links to websites from emails, if it is from an unknown source. Instead, search for the website using an engine,” said Aleem.