Kaspersky discloses fraudulent campaigns scammers running during back-to-school season
As the back-to-school season starts, Kaspersky’s cybersecurity experts have detected a significant surge in fraudulent activities. Every year, cybercriminals exploit the busy period of academic preparations and purchases, launching sophisticated phishing campaigns. However, Kaspersky experts warn that this year, the campaigns have become more targeted, specifically aiming to steal personal data from students, educators, and administrators in the educational sector.
Fraudsters are increasingly leveraging data collection forms on platforms like SurveyHeart.com, a questionnaire like Google Forms, to carry out scams.
In one such scheme – phishing attack that targets students at Neumann University in the U.S. – victims receive a notification claiming they are using two different Microsoft school emails across various university portals. To prevent their Office 365 account from being deactivated, they are asked to complete a survey requiring sensitive details such as their name, phone number, university email, and account password.
Another scam uncovered by Kaspersky experts involves fraudsters creating fake giveaways that promise students a chance to win various high-end gadgets useful for education, from iPhones to iPads and laptops. To enter these enticing contests, victims are asked to provide personal information and are instructed to provide personal information and indicate their preferred laptop model. Additionally, individuals are prompted to share a link to a prize-draw page with 15 contacts via WhatsApp. While the prospect of winning a valuable item like a laptop is the lure, there’s a hidden catch: the so-called winners are told they must pay for the delivery of their prizes. This demand for additional payment is a clear red flag that the giveaway is a scam.
The offer may seem tempting, but the combination of an unusually generous prize and the requirement to cover delivery costs is a telltale sign of fraudulent activity.
“These scams go beyond immediate data theft and could lead to more serious, long-term consequences,” cautions Olga Svistunova, a security expert at Kaspersky. “If attackers gain access to private school information, such as class schedules, it could be exploited for doxing, stalking, cyberbullying, or even identity theft. It’s essential for students to be vigilant and cautious when responding to such suspicious notifications.”
To stay safe against education fraud, Kaspersky experts also recommend: