School Yourself on Common Student Loan Cyber Scams

What are some of the most common student loan cyber scams to watch out for?

With the student loan pause ending and the student loan forgiveness program ruling on the horizon, it is an uncertain time for federal student loan debt holders… and cyber criminals are ready to capitalize on it.

When the debt ceiling freeze agreement was reached, it guaranteed the end of the federal student loan payment pause, a pause that’s been in effect for more than three years due to the onset of the COVID-19 pandemic. With the pause set to be lifted, student loan payments will resume in October.

But if the Supreme Court rules in favor of President Biden’s student loan forgiveness program, some reprieve may be on the horizon. While borrowers wait for the decision, which will happen later this month or in July, preparation is necessary. Federal student loan holders should not only be preparing for the financial impact of resuming payments but for potential cyber scams associated with student loans. 

Student loan-themed scams are not new, in fact, a report estimates that student loan scams stole nearly $5 billion from Americans in 2022 alone, which is why it is more important than ever to be aware of potential scams you may come across. 

While there are some legal yet predatory scams that target student debt holders, this article will focus on some of the most common cyber-attacks that use student loan debt as a cover. 

Malicious Communications

Scammers use a variety of communication methods to launch malicious attacks, but they all have the same goal – to obtain information from you that can be used in stealing your identity, your money, or taking over your personal accounts, e.g., your bank account.

In terms of student loan repayment scams, scammers might offer you the promise of helping refinance your student loan debt, cancelling student loan debt despite the legal ruling, applying for an extended repayment freeze, starting a FAFSA form, initiating a student loan forgiveness application, etc. 

To best protect yourself, you should be familiar with the following types of malicious communications:

• Phishing – occurs when a scammer sends you an enticing email that includes a malicious link or attachment that harbors malware.
• Smishing – occurs when a scammer uses a compelling text message to trick recipients into clicking a link and revealing private information or downloading malicious programs to a mobile device.
• Vishing – occurs when a scammer reaches out to you through a phone call to solicit personal information from you.

Whatever way they try to reach you, make sure you ask yourself the following questions to analyze whether you’re the target of a scam:

1. Did they call me from a number I don’t recognize or one without caller ID?
2. Did they text me from a short 6-digit phone number? (This could mean it was sent from an auto-dialer API or an email account, both of which are suspicious.)
3. Did they ask for any personal information (credit card number, social security number, FSA ID, etc.)?
4. Did they talk with a sense of urgency? Did they try to rush me to take action?
5. Did they offer me a quick way to get money?

Malicious Websites

Malicious websites are another tried-and-true way scammers will attempt to target you. These websites mimic legitimate ones in an attempt to steal your credentials and other sensitive information.

Scammers will offer fake student loan services through malicious websites, promising consolidation of loans, switching repayment plans, and applications for deferment or forbearance – all of which you can apply for through the legitimate website of StudentAid.gov.

If you’re googling information about student loan repayments, or, perhaps you receive a seemingly normal email with a URL in it that claims to explain or help with student loan debt, or you are simply just trying to log into your FAFSA account, make sure you trust, but verify. Ask yourself the following questions before clicking a link or navigating to a site:

1. Does the website have a padlock icon in the web address bar?
2. Is there an https and/or padlock icon at the start of the URL?
3. Did I hover over the link to see where it will take me? Does the link in the email show a completely different domain?
4. Does the website contain grammar or spelling errors?
5. Does the website have the correct domain as a government entity?
6. Is there incomplete or missing website content?
7. Is the company logo on the website consistent with the company’s official logo?

Helpful Resources

Regardless of how vigilant you are, scammers’ methods are increasingly complex and harder to distinguish. Here are some resources to help you as you navigate the student loan repayment process and attempt to keep yourself protected from scams:

• Connect with legitimate sources about the Federal Student Loan Debt Forgiveness Program here.
• Read the Federal Trade Commission’s tips for recognizing and avoiding phishing scams here.
• If you ever suspect that a scammer has your information, go to IdentityTheft.gov.

About Schneider Downs Cybersecurity

The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.

To learn more, visit our dedicated Cybersecurity page.