Online criminals clone UK university's website to phish for cash

Personal information also targeted…

Criminals have cloned a UK university's website in an attempt to phish for unsuspecting students' cash and personal information.

On 20 July 2017, Newcastle University confirmed on Twitter its knowledge of a rogue website fraudulently abusing its brand. Its tweet contained the following image:

"We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses. The website 'newcastle international university' is in no way affiliated with the University and we are advising anyone who finds the website should not submit any personal details. All students should use our official website http://www.ncl.ac.uk/"

Fair enough. Let's go and visit the school's official website. Here's what we see.

[Screenshot of the official Newcastle University website.]

Okay, pretty standard. Now for the fraudulent website, which is located at http://newcastleinternationaluniversity[dot]com/:

[Screenshot of the fraudulent website.]

As you can see, the scammers went all out with this one. They created dozens of sub-pages explaining the different programs offered by the university. This effort sits against the backdrop of what appears to be a professionally designed website.

To be fair, the fraudsters did commit a few mistakes. First, the actual research institution is called "Newcastle University," not "Newcastle International University." Second, those responsible for the cloned website used the wrong coat of arms, thereby giving away their creation as fake.

But those details don't matter to unfamiliar eyes, such as those belonging to incoming foreign students who are already making arrangements to travel to the school in the fall. Towards that end, it's plausible some hapless prospective pupils visited the fake website's "Online Application" page and entered their personal information, passport ID, and credit card details into the application form.

Screenshot of the phishing application form.

At this time, it's unclear whether anyone fell for the fake website and handed over their personal data to scammers. RSA's Azeem Aleem feels it's more than likely that someone did. As he told The Register:

"Make no mistake, this is an effective scam. They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks. Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim."

Given the likelihood that students received a link to this website via spam mail, it's important that web users in general exercise caution around suspicious links and email attachments. If they receive an email from a familiar entity requesting action on their part, they should look up the sender organization in a reputable search engine and navigate to its website that way. Doing so will diminish the chances of landing on a hacked or fake website.

If you've fallen for the scam above, please contact Newcastle University, your local police, and your card issuer/financial institution.
