Posted Date: August 31, 2018
Author: Federal Student Aid
Subject: Active Phishing Campaign Targeting Student Email Accounts
Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.
What is happening: Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email to obtain access to student accounts via the IHE student portal (see example phishing email below). The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information and the use of just one factor for authentication.
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat against IHEs during periods when FSA funds are disseminated in large volumes.
Note: Any funds disbursed inappropriately may become the responsibility of the institution.
Example phishing email:
Why IHEs are vulnerable to this attack: The attackers are exploiting a common practice at many IHEs: the use of single-factor authentication to access institution systems. Single-factor authentication is the simplest method of authentication where a person uses only one credential to verify him or herself online; usually the one credential is a password matched to a username.
How to protect IHEs: FSA strongly encourages IHEs to strengthen their cybersecurity posture through the use of two-factor or multi-factor authentication processes. These types of authentication rely on a combination of factors, for example, username and password combined with a PIN or security questions or access through a secure, designated device.
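One way an IHE could enforce this recommendation inside its student portal, given here as an added illustration rather than FSA guidance or any institution's code: treat a change of refund destination as a sensitive action that always requires a second factor, route changes that carry account-takeover signals to staff review, and hold refunds to a newly entered account for a short period so the student can react to an out-of-band notification. The hold period, the password-reset window and the session fields are assumptions, and the sample sessions are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values; the announcement sets no specific numbers.
HOLD_PERIOD = timedelta(days=3)        # refunds wait this long after a destination change
RESET_WINDOW = timedelta(hours=24)     # a bank change this soon after a reset is suspicious

@dataclass
class Session:
    student_id: str
    second_factor_verified: bool       # second factor completed in this session
    known_device: bool                 # device seen before for this student
    last_password_reset: Optional[datetime]

@dataclass
class DepositAccount:
    account_hash: str                  # hash of routing+account, never the clear value
    effective_at: datetime             # refunds may be sent here only from this time

def evaluate_change(session: Session, now: datetime) -> dict:
    """Decide how to handle a request to change the refund destination.
    step_up: the student must complete a second factor before anything changes.
    review:  second factor passed but takeover signals exist; route to staff.
    allow:   apply the change, hold refunds, and notify the student out of band."""
    signals = []
    if not session.known_device:
        signals.append("new device")
    if session.last_password_reset and now - session.last_password_reset < RESET_WINDOW:
        signals.append("password reset within 24h")
    if not session.second_factor_verified:
        return {"decision": "step_up", "signals": signals}
    if signals:
        return {"decision": "review", "signals": signals}
    return {"decision": "allow", "signals": signals,
            "notify": ["email on file before change", "phone on file before change"]}

def apply_change(new_hash: str, decision: dict, now: datetime) -> Optional[DepositAccount]:
    """Only an allow decision yields a new destination, and never one effective at once."""
    if decision["decision"] != "allow":
        return None
    return DepositAccount(account_hash=new_hash, effective_at=now + HOLD_PERIOD)

def can_disburse(account: DepositAccount, now: datetime) -> bool:
    """Refund release check: refuse while the destination is still in its hold window."""
    return now >= account.effective_at

# Constructed sample data so the block runs stand-alone.
NOW = datetime(2018, 8, 31, 12, 0)
SUSPECT = Session("s-0001", second_factor_verified=False, known_device=False, last_password_reset=NOW)
TRUSTED = Session("s-0002", second_factor_verified=True, known_device=True, last_password_reset=None)
```

The same check belongs on every path that can alter bank details, including help-desk tooling, since the campaign succeeds with nothing more than a phished password.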
Suggested remediation steps if an institution falls victim to the attack:
FSA will continue to monitor this situation and will send out additional information as appropriate. That information may include additional examples of the phishing emails, training resources, and best practices about how to avoid falling victim to phishing attacks.
Thank you for your attention to this matter. FSA is committed to working with IHEs to thwart phishing attacks and protect student financial aid information. If you have any questions about the information included in this announcement, please contact FSASchoolCyberSafety@ed.gov.