Newcastle University has warned prospective students to stay away from a fake website which is being used by cyber thieves to collect their personal details and credit card numbers.
The fake website features identical course details as the original Newcastle University website and accepts online payments as well.
The fake website in question features a ‘Newcastle International University’ banner and offers visitors details on admission procedure, course details, and university news. It is also asking prospective students to pay admission and course fees on the website itself aside from sharing their personal details.
Students looking to gain admission to the Newcastle University are being asked to share their names, dates of birth, email addresses, and passport numbers. This sort of data harvesting will enable hackers to either earn money on the dark web or to commit identity fraud.
‘We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses,’ said Newcastle University in an official statement on Twitter.
‘The website ‘newcastle international university’ is in no way associated with the university and we are advising anyone who finds the website not to submit any personal details’ the university added.
The fake website looks quite genuine to prospective students and the details therein may convince anyone that it is not a fake site. The Newcastle University received over 34,000 applications last year and it seems that the hackers in question want a share of the pie.
According to Azeem Aleem, Director for Advanced Cyber Defence Practice EMEA at RSA, the hackers in question are focussing on overseas students ‘who may not have the local knowledge to spot the difference between this site and Newcastle University’s official site’.
“Make no mistake, this is an effective scam. They’ve put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks. Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn’t want to fall into the wrong hands,” he said.
He adds that in order to ensure that you are not providing your personal or financial details to unintended recipients, you shouldn’t click on links for websites from unsolicited emails, use search engines to find genuine sites and check URLs of websites to ensure there’s no spoofing going on.