Online criminals clone UK university’s website to phish for cash

Personal information also targeted…

David bisson
David Bisson

Online criminals clone UK university's website to phish for cash

Criminals have cloned a UK university’s website in an attempt to phish for unsuspecting students’ cash and personal information.

On 20 July 2017, Newcastle University confirmed on Twitter its knowledge of a rogue website fraudulently abusing its brand. Its tweet contained the following image:

Dflyh quwaate7l

Sign up to our free newsletter.
Security news, advice, and tips.

“We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses. The website ‘newcastle international university’ is in no way affiliated with the University and we are advising anyone who finds the website should not submit any personal details. All students should use our official website”

Fair enough. Let’s go and visit the school’s official website. Here’s what we see.

Screen shot 2017 07 21 at 11.21.02 am

Okay, pretty standard. Now for the fraudulent website, which is located at http://newcastleinternationaluniversity[dot]com/

Screen shot 2017 07 21 at 11.21.18 am

As you can see, the scammers went all out with this one. They created dozens of sub-pages explaining the different programs offered by the university. This effort sits against the backdrop of what appears to be a professionally designed website.

To be fair, the fraudsters did commit a few mistakes. First, the actual research institution is called “Newcastle University,” not “Newcastle International University.” Second, those responsible for the cloned website used the wrong coat of arms, thereby giving away their creation as fake.

But those details don’t matter to unfamiliar eyes, such as those belonging to incoming foreign students who are already making arrangements of traveling to the school in the fall. Towards that end, it’s plausible some hapless prospective pupils visited the fake website’s “Online Application” page and entered in their personal information, Passport ID, and credit card details into the application form.

Screen shot 2017 07 21 at 11.22.54 am
Screenshot of the phishing application form.

At this time, it’s unclear whether anyone fell for the fake website and handed over their personal data to scammers. RSA’s Azeem Aleem feels it’s more than likely that someone did. As he told the The Register:

“Make no mistake, this is an effective scam. They’ve put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks. Newcastle University’s response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim.”

Given the likelihood that students received a link to this website via spam mail, it’s important that web users in general exercise caution around suspicious links and email attachments. If they receive an email from a familiar entity requesting action on their part, they should look up the sender organization in a reputable search engine and navigate to their website that way. Doing so will diminish the chances of landing on a hacked or fake website.

If you’ve fallen for the scam above, please contact Newcastle University, your local police, and your card issuer/financial institution.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.