Beware of “Rbauxx” – it is a Fake RayBan Sunglass Selling Website

Beware of "Rbauxx" - it is a Fake RayBan Sunglass Selling Website

The website “www.rbauxx.com” is another untrustworthy online store claiming to sell RayBan sunglasses/eyeglasses, which online users are advised to stay away from. Persons who shop on the untrustworthy website run the risk of their personal, credit card and other payment processing information getting stolen by cyber-criminals and used fraudulently. They also run the risk of receiving counterfeit goods. Therefore, we do not recommend purchasing or visiting the website “www.rbauxx.com”. Persons who have already used their credit cards on the fraudulent website should contact their banks or credit card company immediately for help.

RayBan Sunglasse at www.rbauxx.com

Rayban Store – Discount Rayban Sunglasses $19.99. Just Today Free Shipping And Free Returns Order Over 3 Piece.

The cybercriminals behind the fake website will use another website and change the name, once the current website has been taken down. So, look out for similar fake RayBan Sunglass selling websites.

Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward malicious or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Source: Beware of “Rbauxx” – it is a Fake RayBan Sunglass Selling Website

Cybercrime: £130bn stolen from consumers in 2017, report says

More than a quarter of cybercrime victims believe they are safe from future attacks.

Of the 978m global victims of cybercrime last year, 17m were Britons targeted by phishing, ransomware, online fraud and hacking. Hackers stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users, according to a new report from cybersecurity firm Norton. More than 17 million Brits were hit by cybercrime in the past year, meaning the nation, which accounts for less than 1% of the global population, makes up almost 2% of the 978 million global victims of cybercrime and almost 4% of the global losses. The losses were more than just financial. Each victim of cybercrime spent, on average, nearly two working days dealing with the aftermath of the attack.

But Norton warns that cybercrime victims are not doing enough to protect themselves online. The report found that they are more than twice as likely as those who haven’t fallen prey to cybercrime to share passwords to online accounts with other people, and almost twice as likely to use the same password for all online accounts. What’s more, a surprising number of cybercrime victims – more than a quarter – believe they are safe from future attacks.

“Consumers’ actions revealed a dangerous disconnect: despite a steady stream of cybercrime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves,” said Nick Shaw, Norton’s general manager for EMEA. “This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cybercrime.”

The head of the UK’s National Cybersecurity Centre warned on Tuesday that it was a matter of “when, not if” Britain would be hit by a major cyber-attack, capable of disrupting critical infrastructure or the democratic process. “Some attacks will get through. What you need to do [at that point] is cauterise the damage,” Ciaran Martin said.

Protecting Our Digital Streets from The New Cyber Mafia

Cybercrime has become the biggest threat to digital information, causing reputational and financial damage to businesses and consumers around the globe. The pace at which cybercrime has evolved since the 1980s is a concern for businesses that have become increasingly dependent on computers to house sensitive and proprietary data.

According to Malwarebytes’ latest report, “The New Mafia: Gangs and Vigilantes,” this new mafia, a technologically advanced type of traditional crime taking place solely online, has caused close to a 2,000% increase in ransomware detections since 2015, rising to hundreds of thousands of detections in September 2017 from less than 16,000 in September 2015. The structure, execution and malice of this type of crime are reminiscent of the mafia criminal organizations throughout history.

The Rise of Cybercrime

Cybercrime has emerged from a burgeoning threat to a global epidemic, inflicting immeasurable damage to businesses and individuals. The 1980s became the decade in which computer crime skyrocketed. Criminals began using their tech knowledge to pirate software, create viruses and steal personal information. In the 1990s, online financial crimes grew significantly, most notably with the theft of more than $10 million from Citibank by Russian student Vladimir Levin. The shift to mainstream consumer use in the early 2000s saw the occurrence of spam emails take root. In 2002, 29% of all emails were spam; by 2008-2010, 90% of all emails were spam.

Today’s cybercriminals have created more sophisticated and well-organized modes of attack. Ransomware attacks in 2017 through October surpassed total figures for 2016 by 62%. And the average monthly volume of attacks is up 23%. These figures show just how quickly the methods of cybercrime can evolve and how problematic they can become through the rise of new tactics, techniques and even gangs.

Emergence of The New Gangs

Hacking transformed the way criminals located and attacked their victims through the 1980s and 1990s. In the early 2000s, criminals started to take notice of the success of global cyberattacks, leading to the emergence of four cybercriminals groups: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire.

Traditional gangs are the internet’s version of organized crime gangs: They provide illegal and/or stolen goods online. State-sponsored attackers aim to steal information and disrupt political activity, all while becoming increasingly interested in corporate theft and sabotage. Ideological hackers gather classified information and leak the data to destroy the credibility of governments or other high-profile organizations, acting under the guise of moral and ethical duty. Hackers-for-hire are akin to paid guns for hire, operating in a highly retail-oriented manner with an emphasis on customer service and reliability.

Fighting Back: Consumers as The New Vigilantes

Acknowledgement of cybercrime needs to shift from victim shaming to empowering. Individuals need to feel encouraged to share and act rather than be silenced by fear. Cybercrime is relatively new so consumers can often feel hopeless since there is little legislation to protect those that have been victimized. As industry leaders fight back against cybercrime, consumers must feel empowered in their own threat knowledge so they can recognize and prevent possible attacks.

Technology will only become more prevalent in our lives as innovations such as the internet of things (IoT), machine learning and automation arrive. Undoubtedly, these mediums will spawn the next generation of cyberattacks. However, individuals and businesses can do something about this: The confidence of consumers and businesses to identify and report cybercrime will reduce the proliferation of cyberattacks.

To succeed against cybercrime, mindsets must change. Individuals must be encouraged to share information and take action. Without accepting, sharing and learning from our experiences, these groups will continue operating in the shadows.

Inside the murky world of Facebook scams – how fraudsters are using famous faces to con people out of cash

More than 1,600 victims lost £342 on average after being duped on Facebook last year. Millions of us don’t think twice about logging-on to Facebook to chat with mates and catch-up with family. But between the pictures of our friends and family there is a lurking danger to you and your cash. Facebook scammers are using celebs to trick you into giving away your cash. Fraudsters and crooks are after your money – and they are using ads featuring celebrities to tempt you into giving it away.

Figures released exclusively to The Sun Online show 1,639 scams were reported to Action Fraud in 2017, with the majority of those related to online shopping. Victims on average lost £342 but in 24 cases Brits reported being scammed out of more than £10,000. What’s more these figures are just based on what’s reported to Action Fraud, so it’s likely there could be countless more victims who have been duped. In October, the Advertising Standards Agency (ASA) banned three Facebook ads from two separate companies, one which offered financial advice and the other a PPI claims firm – all three used his face.

One household name who has tried to take on the crooks is MoneySavingExpert’s Martin Lewis. The popular money expert, who also stars in his own TV show, The Martin Lewis Money Show on ITV since September 2012, has built his reputation on the public trusting him but he has been left horrified that his image has been used on a number of Facebook and other social media scams. He told The Sun Online: “Frankly, I would warn anyone to be careful about sponsored posts on Facebook.

ONE Sun Online reader last month told how he feared he had been scammed for £100 by a promoted Facebook advert. Roy Thomas, 60, said he paid for an ebike after spotting an advert from a company called Dic Space. He paid £98.99 in a “sale” but it still hadn’t arrived after more than 30 days – and hadn’t been able to get hold of the company. He told The Sun Online: “It had looked like a bona fide company, and it looked very professional. It all looked good but after seven days it still hadn’t arrived. In effect, they don’t give you any actual details of the company that is going to be delivering the item, or anything to go off with that, so you can’t contact anyone. I’ve tried contacting the company but never received one bit of contact from them again. I had sent them an email saying I could pick it up, but it fell on deaf ears. It is the wild west where there are legitimate adverts and scores of illegitimate ones, ranging from the slightly misleading to ones which are outright scams and theft.”

Mr Lewis said the ads had caused people who trust his advice to lose money, sometimes thousands of pounds. Calling on Facebook to do more to stop the fake ads, he added: It’s outrageous. I can’t sleep at night knowing that people are being scammed off the back of my name – the opposite of what I am supposed to be doing. People think there must be a way to control it but con merchants don’t give a monkeys about that. We’ve reported these ads countless times and eventually they are taken down but it can take weeks and millions of people are seeing this and something needs to be done.”

And it’s not just Mr Lewis who has been used by scammers. Richard Branson’s image has also been used, this time for a Bitcoin scam

Just this week, Richard Branson’s image appeared on a get-rich-quick scheme ad dealing in Bitcoin. The ad linked through to a fake CNN page, which in turn went through to a scam site wrongly promising users they can win free Bitcoins.

Senior Tory MP Damian Collins, chairman of the Digital, Culture, Media and Sport select committee, slammed the ad. He said: “Fake adverts displayed on social media platforms are a real problem, and one that the social media companies must tackle.”

In response to Mr Lewis, a Facebook spokesperson told The Sun Online: “Adverts which are misleading, false or infringe on third-party rights are in violation of Facebook’s ads policies, and we remove them as soon as we become aware of them. The ads that were previously reported to us by Martin Lewis have been removed and the relevant accounts disabled.”

Last year it also announced it was adding 3,000 extra staff members to make sure it can respond to reports of misleading ads more quickly.

If you see a dodgy scam online, or you are a victim, you should contact Action Fraud by using its online reporting tool or calling 0300 123 2040.

 

Lock Snapping & How to Prevent It

Lock Snapping is a method used by home invaders which involves snapping a particular type of lock cylinder, allowing the burglar to quickly and easily gain access to your home. If the right amount of force is applied to the cylinder, it can break and give access to the locking mechanism.

Lock Snapping has become more common over recent years as it requires no special tools or expert knowledge, just the force of a hammer, mole grips or anything else that can physically grab and take hold of a cylinder is enough to gain entry. Many readily available videos’ online show the shocking force, speed and ease of the technique that burglars are using to break into homes up and down the country. One online video that we’ve seen shows how burglars will gain access to a cylinder even if it isn’t protruding from the handle. In this case the handle is shown literally being ripped off the door, the cylinder exposed, and the locking mechanism compromised using household tools such as a hammer and screwdriver.

A recent short tv documentary showed how a former burglar, without previous experience of snapping locks, could use this method to gain access to a property within 40 seconds, even he admitted how shocked he was at the ease and speed of gaining access, he said that an experienced lock snapper could probably gain access in as little as 13 seconds [Lock Snapping Video]. Another former burglar admitted that even if he had the best lock picks in England, he would rather snap the cylinder because “it’s simpler and easier”.

Police have said it’s estimated that around 22 million doors throughout the UK could be at risk from lock snapping where the lock cylinder can be broken in seconds.

 

What Locks Are at Risk

Key locks that are at risk of lock snapping are those of Euro Cylinder profiles, and locks that extend beyond 3mm of the handle. The further the lock cylinder protrudes from the door the more prone to tampering it becomes as it is easier to grip and take hold of, but even if a lock cylinder doesn’t protrude from the handle it still isn’t immune to tampering.

ASB Anti-Snap Locks

Locks that are of a TS007 3 Star standard (also known as ‘anti-snap’ cylinders) are locks that meet the requirements to withstand lock snapping attempts.

Anti-Snap cylinders have a ‘snap-off’ section integrated which will come away if a burglar was to try and snap the lock, making the cylinder shorter, thus making it more difficult to grasp. With the help of built in grip defenders it makes getting hold of the cylinder even harder. Not only that but anti-snap locks have a hardened bar which won’t snap, it will only flex making snapping almost impossible.

Check that your current locks do not over extend. If they appear vulnerable you may want to consider having them replaced or replacing them yourself. Fitting them yourself is relatively easy, takes little time and requires no specialist tools.

Replacement costs

Upgrading to an ASB lock by a reputable locksmith will cost you £100 to £150 for a single door. Replacing more than one at the same time reduces the cost per door.

If you are prepared to buy the replacement cylinders off line and DIY it will cost you £35 to £45 per door.

WhatsApp group chats not as secure as users might believe

Researchers have discovered flaws in the way WhatsApp,is messaging app handle secure (encrypted) group communication,which could result in unauthorized users getting added to closed groups and monitoring future conversations within them.

The problem with WhatsApp:
Paul Rösler, Christian Mainka, and Jörg Schwenk analysed the three widely used protocols and their implementations, and found that if someone – e.g., nation-state backed hackers (illegally), or law enforcement or intelligence agencies (legally) – gains control of WhatsApp’s servers, they could easily insert a new member in a private group without the permission of the group’s administrator(s).

The other participants will get a notification about a new user joining the group, but they have no way of knowing whether the new member was invited by the administrator(s). Also, if the attacker controls the server, he or she can block the messages sent by users who might question the new addition or warn others about it.

As noted cryptographer and Johns Hopkins University professor Matthew Green explained, the vulnerability stems from the fact that the WhatsApp server plays a significant role in group management, and that group management messages are not end-to-end encrypted or signed.

“When an administrator wishes to add a member to a group, it sends a message to the server identifying the group and the member to add. The server then checks that the user is authorized to administer that group, and (if so), it sends a message to every member of the group indicating that they should add that user. The flaw here is obvious: since the group management messages are not signed by the administrator, a malicious WhatsApp server can add any user it wants into the group. This means the privacy of your end-to-end encrypted group chat is only guaranteed if you actually trust the WhatsApp server.”

What now?
The main problem is this: end-to-end encryption, which WhatsApp purports to offer, should not depend on uncompromised servers. “We haven’t entirely achieved this yet, thanks to things like key servers. But we are making progress. This bug is a step back, and it’s one a sophisticated attacker potentially could exploit,” Green noted.

The researchers disclosed their findings to WatsApp last summer. WhatsApp said that the “group invitation bug” is a theoretical danger that’s additionally minimized by the fact that users will receive a notification about a new user joining the group. Also, the spokesperson noted, administrators could warn users about the new, unauthorized addition via private messages. That seems to be enough for them at the moment, especially because a fix for the flaw could end up breaking the convenient “group invite link” feature.

There are apps for most things; use them safely and securely

Thanks to apps, your phone, tablet and maybe your smart watch have become the smartest and fastest way to communicate, navigate, shop, bank, book, pay, get your entertainment … and much more. But convenience can be accompanied by disadvantages, so we’d like to pass on a few expert tips about making sure you choose and use apps safely and securely.

Use only official app stores

Avoid downloading fraudulent or otherwise illegitimate apps by using only the official store for your device’s operating system, and avoiding unauthorised sources such as bulletin boards and peer-to-peer networks. Even then, read reviews and choose with care, as some rogue apps occasionally make their way into app stores.

Read the small print

When downloading apps, you’re usually asked to agree to terms and conditions. These can be quite lengthy and complex, but it’s important to do so as some small print includes details on data sharing, in-app payments and other conditions.

Know what permissions you’re granting

You may be asked for permission for an app to access your location, photos, camera, contacts or other functions or data. Before agreeing, think about if you really want this type of access enabled, and the safety aspects of others knowing what you’re doing and where you are (especially important for children).

Check settings

Where possible, check app settings to determine whether downloading updates and day-to-day data are enabled automatically. This may be convenient, but it could also make it easier for your data to be intercepted, and may use up your data allowance.

Check content ratings

Most apps found in the official app stores feature ratings with guidance on the content and intensity of various aspects of the app. Each store has its own policy, so ratings may vary from store to store. A nice-to-have for you, but essential for apps which may be accessed by children.

Use public Wi-Fi safely

When you’re out and about, remember that you shouldn’t use Wi-Fi hotspots for confidential communications or transactions in places like cafés, pubs and hotel rooms, as there’s no guarantee of security. Instead, use your data, or wait until you get back to your secure Wi-Fi.

Always log out

When you’ve finished using an app – particularly one for banking, shopping or payments – always log out, as simply closing the app may not necessarily do it for you. This also goes for location-based apps, when you want to keep your whereabouts to yourself.

Download updates

Always download app updates when prompted, because as well as providing new features and better functionality, updates usually contain at least one security fix.

Look after your devices

With today’s apps, your mobile device becomes a computer, wallet, satnav, photo album, TV, filing cabinet, and much more. You shouldn’t leave any of these items in an unlocked house or vehicle, or unattended in a café or on a train …your mobile device is no different. And always PIN or password-protect your device as a first line of security.

Keep an eye on those bills

Be aware of the data used by apps when you’re out and about, including roaming charges abroad. And remember that some apps enable in-app purchases, which can be very attractive to use – especially to children – but at a price.

Do your housekeeping

Filling your phone or tablet with dozens of apps you don’t use can affect its performance, including reducing battery life. Remove the ones you haven’t used for a while, apart from security apps. If you’re disposing of your phone by any means, erase all data and apps, also preferably doing a factory re-set.

Click here for the full story

I’ll make you an offer you can’t refuse… – NCSC Site

One of the terms we didn’t include in our advent calendar of definitions was ‘malvertising’. This is a term which we felt we could say a little more about, and so we’ve saved it for this blog. Malvertising may seem like a scary topic, but it doesn’t need to be. This blog includes some simple steps to protect your End User Devices and your networks, so you don’t need to be afraid of online adverts.

What is malvertising?

Malvertising, or ‘malicious advertising’, is when an attacker uses online advertising as a delivery method for malicious activity. It’s particularly insidious because it often doesn’t require any user interaction – such as choosing to run downloaded files – to cause problems. You can become a victim of malvertising simply by visiting a popular website. Code within online adverts on the website could install ransomware or other malware.

It’s a popular method because a single malicious advertisement could be distributed to many publishers and onward to many websites – causing widespread attacks against their users. Ad networks allow advertisers to target online advertisements on features like location and device types; attackers can also leverage this to launch targeted malvertising campaigns. In addition, it can be difficult to attribute malicious activity to malvertising.

How malvertising works

To understand how to protect against malicious advertising, it helps to understand how it is delivered. Website owners and mobile application developers, known as publishers, receive payment from advertisers in return for displaying online advertisements. Online advertisements can allow advertisers to run code to display rich media advertisements that incorporate elements like animations, video and scripts. Malicious actors can take advantage of this to deliver malicious content within an online advertisement, without the knowledge of the publisher.

There are different ways for malicious advertisements to be displayed on a publisher’s site:

  • Publishers can use their own servers to deliver online advertisements.
  • Alternatively, publishers can use an ad network. Within ad networks, advertisers can buy the rights to serve an advertisement onto a publisher site.

Whether an attacker compromises a publisher’s server or poses as a legitimate advertiser, the same delivery vector – online advertisements – is used to deliver malicious activity. It is important to note that while publishers are being used in the infection process, they are – like the end user – victims of malvertising. Publishers will suffer reputational damage if their customers get infected from malvertising displayed on their sites.

Embedded malicious code

Malicious advertisements typically do not require any user interaction because they contain embedded code. The user does not need to click on the advertisement as they have malicious code within them. The code can carry out a variety of tasks, such as exploit software vulnerabilities, or silently redirect users to malicious websites that host exploit kits. In this regard, malvertising is like drive-by-downloads, in that software is run on a victim’s computer simply by visiting a malicious website.

Note: Exploit kits are automated toolkits or frameworks designed to scan a victim’s device, find software vulnerabilities and then exploit them in order to deliver a malicious payload.

What is the impact of malvertising?

Numerous high-profile publisher sites have been victims of malvertising campaigns. In March 2016, visitors to various major publishers including aol.com, bbc.com, nfl.com and nytimes.com received malicious advertisements. The malvertising campaign targeted US users and was delivered through multiple ad networks. Shortly afterwards, a similar malvertising campaign targeted visitors to UK websites.

In both campaigns, the malicious advertisement redirected victims to websites hosting the Angler exploit kit. This can lead to malicious activity such as stealing financial information stored on victims’ machines, or installing ransomware whereby victims’ files are encrypted unless payment is made to the attacker.

Ad blocking

Ad blocking is a technology designed to limit (or completely prevent) the display of online advertisements. There are several ad blocking solutions that work in different ways. Some ad blockers are designed to block all advertisements (whether legitimate or malicious), whilst others whitelist ‘trusted’ ad networks. It is worth noting that whitelisted ad networks could still be a source of malicious advertisements. Whilst ad blockers can help prevent malvertising from affecting you, they should not be regarded as a security product.

Protecting your devices and networks

The clear majority of malvertising targets unpatched vulnerabilities in web browsers, plugins, and associated internet-facing software on End User Devices. Prompt patching and updating of this software is the most effective mitigation available. For more information on protecting End User Devices within your organisation, see our EUD guidance.

In addition, Cyber Essentials contains five critical controls which can help to reduce the harm from malvertising. We recommend that all organisations consider these controls, and the recommendations in the 10 steps to cyber security. Wider network security hygiene protections, such as network segregation, web proxying, and least privilege are also useful in minimising the impact of any successful malware infection.

Source: I’ll make you an offer you can’t refuse… – NCSC Site

Putting the cyber in crime: How lower barriers and increased profits have led to a surge in cybercrime.

It seems as if not a day goes past where cybercrime isn’t in the headlines. Whether it is a ransomware attack, a huge data breach, theft of intellectual property, or the unavailability of service, ‘cyber’ is playing an increasingly important role for both enterprises and individuals alike.

Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry. However, this isn’t just bandwagon jumping; there are actually some very good reasons why the world of cyber makes a lot of sense to criminals.

Lowering barriers to entry:Go back ten years or so and ‘hacking’ knowledge was limited to a few select individuals that understood technology. It wasn’t easy to find experts that were willing to be “hackers for hire”, and for those new to the industry, acquiring such skills wasn’t an easy task either. However, in recent years, the barriers to entry have gotten significantly lower due to a few key factors:

  1. Availability of online marketplaces. Online marketplaces have become commonplace and provide a convenient place where hackers for hire can advertise their skills to bidders. These can encompass a broad range of services such as DDoS attacks, botnets, and targeting of individuals or businesses, as well as custom services.
  2. As-a-service. Taking a cue from legitimate businesses, cybercriminals are beginning to remodel their organizations for greater efficiency. This has resulted in the rise of “cybercrime-as-a-service”. For example, Petya & Mischa ransomware-as-a-service (RaaS) was launched in July 2016. This platform encourages distributors to generate high returns by enticing them with the cybercrime equivalent of performance bonuses. If distributors generate less than five bitcoins in each week, then they only earn 25% of the ransom paid. However, if the weekly payment is over 125 bitcoins, then they can potentially keep 85% of it. Through such initiatives, the RaaS business model has proven to be highly lucrative, for both the providers and the distributors, and there’s no sign that the these operations will go away anytime soon.
  3. The rise of cryptocurrency. The third leg of the stool is made up of crypto currencies such as bitcoin, which allow payments to be made anonymously. This allows cybercrime service providers to sell their wares easily, and allows cybercriminals to extort money from their victims more effectively.

Profit and loss: Another aspect contributing to the rise in cybercrime is the increase in potential profits. The cybercrime market is lucrative because of the extent to which things have gone digital. Everything from finance, to healthcare, to national infrastructure is connected in some way or another. On top of this, the introduction of IoT and smart devices has resulted in an explosion of connected devices, each of which presents a potential money-making opportunity for a clever hacker.

The abundance of connected devices gives criminals an advantage because there will always be unsecured, unpatched, or simply insecure targets. Attacks can be individual consumers as they could from attacking large enterprises. By targeting individuals, hackers further lower the bar to entry, as no pre-qualification needs to be done on the target.

 Key takeaways: The growing number of criminals taking advantage of lucrative cyber money-making opportunities will unfortunately only continue to grow. Therefore, it is more important than ever that enterprises and individuals take appropriate steps to protect themselves from cyber-attacks. Here are few tips to bear in mind:

  • User education and awareness is the first, and arguably the most important, line of defence. For example, knowing not to click on suspicious links could prevent a potential infection entirely.
  • Segregating critical systems and assets is also a good defensive measure. If a user does click on a link, having segregated systems will prevent infections from spreading.
  • Have robust detection and response controls in place, which are enhanced by threat intelligence, is also critical so that infections can be detected quickly and remedial action taken immediately to minimize impact.
  • Finally, the importance of backup processes cannot be forgotten or neglected. If the worst does happen, it’s often better to wipe systems and reinstall from a clean, trusted backup than try to fix the mess.

Cyber-threats in university Clearing and how to overcome them -it Security Guru

A Level results are out.  For many, this is a time of celebration as they take up offers for the university or college of their choice.  However, for those who have not received the results they need it can be a stressful time as they enter Clearing, and turn to online search to secure a university or college place to continue their studies.

Cybercriminals are wise to this forthcoming uptick in web traffic, and have been creating higher education phishing sites to trick stressed students into clicking on malware-laden links.  This is not a new scam, and is evidence that cybercriminals are diversifying to rework banking, online shopping and other phishing scams.  Today security researchers at Forcepoint are now warning prospective students across the UK and internationally to beware of these scams.

Carl Leonard, principal security analyst at Forcepoint said: “This activity could come from one-off individual criminal elements speculating for financial gain or as part of an organised gang spreading malware kits or adding to botnets.  Using search analytics criminals can map likely human reactions and rework tried and tested social engineering scams to target vulnerable individuals.  Broadly, if a university or college offer appears too good to be true, it probably is.”

“University students will continue to be targeted by cyber criminals at relevant times of the year.  The scammers will continue to setup fraudulent websites and send convincing emails demanding interaction in order to manipulate a student’s behaviour when they are under the most time pressure.”

As a way of preventing these cyber scams, Forcepoint advises students searching for university and college courses for the autumn to do the following:

  • Type in the URL rather than clicking on links in email or in online adverts
  • Use reputable search engines
  • Be aware of lure lines such as “discounted course fees,” “multiple course places available now,” or the usage of highly respected educational establishment names in promotions
  • Keep internet security up to date on PCs and mobiles
  • Begin your Clearing search via the UCAS website, which contains official links and the latest up-to-date places
  • Reach out to the university or colleges admin secretary office if you have doubts as to the legitimacy of a fee or offer

Wayne Gaish, IT Strategic Development Manager, Petroc said: “Petroc takes cyber security very seriously and in particular for our learners at this crucial time of year. The guidance provided by Forcepoint will help promote a better understanding for our learners in today’s digital world.”

Frank Jeffs, post-graduate researcher and former Head of Advertising at Middlesex University said:

“Scams of this nature have the potential to trick stressed UK-based students, but could also catch out international students who are seeking courses in the UK.  In my experience, scammers use well-known university names such as Oxford or Cambridge and create fake institutions which sound very similar.  Designed to look realistic and offering qualifications at a low price or attempting to capture personal information, this social engineering trick could easily catch out international studients or people who might not have the local knowledge of the official educational establishment names.  Always go via the UCAS website or type in the URL of the university or college you are interested in.”