Spoofing Tactics for a UK-Based University Reach New Level of Skill
The spectrum of scams, fraud, and identity theft includes a wide variety of skill levels among criminals.
There are black hat hackers writing viruses that can infect entire networks around the globe or infiltrate the most secure government sites, just as there are scammers whose only skillset is sending out a vast number of emails, hoping to find a trusting victim. Obviously, the more skill involved in the crime, the higher the stakes can be; but that also means a smaller pool of criminals attempting the act.
The reality is most computer users have already come across a lower-key criminal trying to steal their money, their identifying information, or both through phishing emails.
This type of fraud doesn’t require any particular tech ability, other than knowing how to create a new email address. However, the lengths the perpetrators in one recently discovered spoof scam went to are astounding: they went so far as to create a whole new website, complete with clickable pages filled with detailed articles and contact information. The fraudulent website cloned that of a respected university, and the web address and associated email addresses were so similar to the real website that most people might not even notice the difference.
Newcastle University is a real U.K-based school, but Newcastle International University is not. That didn’t stop scammers from setting up complex and detailed online forms for prospective students to fill out, requesting all of their sensitive information, as well as a phony payment card setup where they could supposedly pay for their courses. The actual school has issued warnings to the public to avoid the spoofed website, as well as to be very mindful of where you share your personal data and your payment methods.
Some spoofed emails can be so badly copied that they’re almost laughable, and scammers actually use that as an intentional tactic to make sure they’re only luring in gullible people. The fake Newcastle website, on the other hand, was created down to some of the tiniest details and was targeting college-bound tech users. Spotting the odd differences can be tough, and becoming a victim is all too easy when the criminals know how to cover their tracks.
It's important that users check the URL web addresses for any site where they’re entering personal identifiable information or payment information, ensuring that the address is genuine and contains an HTTPS designation. Also, never submit sensitive information online to a source you haven’t verified.