Newcastle University warns students against scam site
Fake site tricks users into handing over personal details and payments for fake courses
Newcastle University has been forced to warn prospective students of a fraudulent website scammers are using to harvest passport details, personal information and credit card numbers.
The site purports to be run by 'Newcastle International University', but no such educational establishment exists. Instead, it's a fake site mocked up to mimic the real university website, including pages on admissions FAQs, course details and school news.
As well as harvesting students' personal information, including names, dates of birth, email addresses and even passport numbers, the site also accepts online payments for courses.
The real Newcastle University released a statement on Twitter, confirming that it is not affiliated with the site and advising students to only use Newcastle University's genuine website.
"We've reported it to the hosting company, the organisation which provides the domain name, and the non-profit standards organisation, ICANN (The Internet Corporation for Assigned Names and Numbers)," the University told IT Pro in a statement. "The University is working with National Cyber Crime Police team, and the case has been registered with the cyber security team in the National Crime Agency."
"We would urge any students not to access this site and go to our official site: www.ncl.ac.uk or call the University's general number if they have any queries."
The fraudsters have managed to concoct an unusually sophisticated trap, according to RSA's EMEA advanced cyber defence practise director, Azeem Aleem. "Make no mistake, this is an effective scam," he said. "They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks."
"Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn't want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site."
In fact, even seasoned professionals may be fooled on first glance. When compared side-by-side with the real Newcastle University website (see main image), one could argue that the fraud site is actually the more professional-looking of the two - although there are some telltale giveaways on closer inspection, such as spelling and grammar errors, and poorly-sized images.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now