Student Loans Company hit by 5.5 million email attacks

Huge number of malware, phishing and spam attacks designed to steal confidential financial data of students, as Tessain chief Tim Sadler warns of the dangers of 'particularly effective' phishing attacks

by Patrick Sullivan, Political Editor on 17 March 2020 13:21


The Student Loans Company (SLC), the non-departmental public body in the United Kingdom that provides student loans, was hit by 5,445,273 email attacks in 2019 according to official figures.

The data, which was obtained via the Freedom of Information Act (FOI), provides an insight into the types of cyber attacks that Student Loans Company successfully defended itself against last year.

The SCL is reported to provide funding for 1.34 million students in higher education in 2018/19 up from 1.33 million students in 2017/18. Out of the 5,445,273 email attacks recorded last year, the Student Loans Company’s detection software blocked 10,125 malware attempts and 19,188 phishing attacks.

It was the spam protection operating system that quarantined the highest number of emails, with 5,415,960 different attack efforts.

Phishing is the fraudulent attempt to obtain sensitive information like usernames, passwords or credit card details by pretending to be a trustworthy organisation over emails or instant messaging. Worryingly, the email phishing scam industry is growing at a rapid rate in the UK, with hackers finding new ways to exploit vulnerabilities with innovation.

In 2018, phishing scammers successfully stole £100,000 of student loans form University students, underlining the rising challenge posed by sophisticated scam emails.

The Student Loans Company is a non-departmental public body company in the United Kingdom that provides loans to students. It is owned by the UK Government's Department for Education, the Scottish Government, the Welsh Government and the Northern Ireland Executive. A spokesperson from The Student Loans Company confirmed that the all of the listed attacks were successfully blocked and quarantined.

Cyber security expert Tim Sadler, CEO at Tessian told The Commentator: "With so much valuable information on the millions of students it funds, it's little wonder why the SLC is a prime target for email attacks.

"Phishing attacks are particularly effective because they are relatively easy and inexpensive to execute - it just takes one employee fall for the scam and the attacker can steal money, harvest credentials or install malware onto devices.

"In the case of SLC, it's likely that hackers will impersonate a trusted brand or individual to lure individuals to fake websites in order to steal their login credentials. With these credentials, attackers can then access an individual's account and send emails on their behalf.

"Posing as a SLC employee, an attacker can cause further damage by targeting students with malicious messages to request their valuable personal or financial information.

"With so much at stake, staff need to be aware of the threats and the cues that signal a malicious email. However, businesses cannot expect every employee to spot every phishing email 100% of the time. Attacks are only becoming more sophisticated and the threat is constantly evolving. Businesses therefore need to take the burden off employees and instead use technology to protect their people, detecting phishing attacks and alerting employees to a threat in real time."

blog comments powered by Disqus

We are wholly dependent on the kindness of our readers for our continued work. We thank you in advance for any support you can offer.