Newcastle University warns students against scam site

Fake site tricks users into handing over personal details and payments for fake courses

Newcastle University has been forced to warn prospective students of a fraudulent website scammers are using to harvest passport details, personal information and credit card numbers.

The site purports to be run by 'Newcastle International University', but no such educational establishment exists. Instead, it's a fake site mocked up to mimic the real university website, including pages on admissions FAQs, course details and school news.

As well as harvesting students' personal information, including names, dates of birth, email addresses and even passport numbers, the site also accepts online payments for courses.

The real Newcastle University released a statement on Twitter, confirming that it is not affiliated with the site and advising students to only use Newcastle University's genuine website.

"We've reported it to the hosting company, the organisation which provides the domain name, and the non-profit standards organisation, ICANN (The Internet Corporation for Assigned Names and Numbers)," the University told IT Pro in a statement. "The University is working with National Cyber Crime Police team, and the case has been registered with the cyber security team in the National Crime Agency."

"We would urge any students not to access this site and go to our official site: www.ncl.ac.uk or call the University's general number if they have any queries."

The fraudsters have managed to concoct an unusually sophisticated trap, according to RSA's EMEA advanced cyber defence practise director, Azeem Aleem. "Make no mistake, this is an effective scam," he said. "They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks."

"Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn't want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site."

In fact, even seasoned professionals may be fooled on first glance. When compared side-by-side with the real Newcastle University website (see main image), one could argue that the fraud site is actually the more professional-looking of the two - although there are some telltale giveaways on closer inspection, such as spelling and grammar errors, and poorly-sized images.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020