
In the UK, there’s a good chance you took out a loan with the Student Loans Company if you went to university. It’s been brought to my attention that a number of sites are currently being hacked and turned into hosts for rather nasty phishes.

So far, all of the phish pages we’ve seen look like the below. The scam begins with a page claiming to be a login for “Student Finance”, asking the victim to enter their customer reference number. The page steals design elements from legitimate Directgov websites and looks identical to the real thing:

student loan phish

Should the victim proceed, they’ll find they’re suddenly asked for every type of personal information you can possibly imagine:

Sloanphish2

Date of birth, National Insurance number, passwords, bank details... the works. Anyone falling for this is going to find themselves well and truly phished. When the victim presses the Save button at the bottom of the page, their details are sent to the phisher and they’re taken to the real Directgov Student Finance logout page:

student loans phish logout

This is designed to make the victim think that they’ve been on the real website (because the domain they’re now on is slc.co.uk), and that they’ve logged themselves out (to prevent them becoming suspicious that they might not have actually been logged in at all).

The screenshots above were taken from audiotype(dot)com(dot)au/direct.gov.uk, which was the original domain a student friend sent my way (now offline), but a little bit of digging has revealed there are a number of these sites that have been submitted to the anti-phishing resource PhishTank:

student loans phishlist

As you can see, there’s one or two in March but the frequency of noted phishes increases in April. It’s probable this is a small selection of many more phish pages out there targeting students, so be careful what you click and always check the URL of the site you’re on.
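The URL check can be automated for the pattern seen here, where the real site's name sits in the path of an unrelated, compromised host. The Python sketch below is an added example, not part of the original post; the trusted-domain list and the example.test URLs are constructed assumptions, and it goes slightly beyond the post by also flagging the brand used as leading subdomain labels.

```python
from urllib.parse import urlsplit

# Assumption: the only domains treated as genuine are the two the post names.
TRUSTED = ("direct.gov.uk", "slc.co.uk")

def refang(url: str) -> str:
    """Undo (dot)/[.]/hxxp defanging and make sure there is a scheme to parse."""
    url = url.strip().replace("(dot)", ".").replace("[.]", ".")
    if url.startswith("hxxp"):
        url = url.replace("hxxp", "http", 1)
    return url if "://" in url else "http://" + url

def host_is_trusted(host: str) -> bool:
    """True only if the host IS a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify(url: str) -> str:
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    if host_is_trusted(host):
        return "trusted-host"
    # The brand appears, but only as decoration around an unrelated host.
    rest = (parts.path + "?" + parts.query).lower()
    for d in TRUSTED:
        if d in rest:
            return "brand-in-path"
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "brand-in-subdomain"
    return "unrelated"

if __name__ == "__main__":
    samples = [
        "audiotype(dot)com(dot)au/direct.gov.uk",      # URL quoted in the post
        "https://www.slc.co.uk/logout",                # constructed
        "http://direct.gov.uk.login.example.test/sf",  # constructed
        "http://example.test/news",                    # constructed
    ]
    for s in samples:
        # Print the original (still defanged) string next to its verdict.
        print(f"{classify(s):20} {s}")
```

The comparison is made on the parsed hostname rather than on the whole URL string, which is why a trusted name appearing anywhere else in the URL does not count as being on the trusted site.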

You don’t want to be getting into debt with the phishers too…

Christopher Boyd