The FBI recently released a warning that scammers may target individuals seeking to enroll in the Federal Student Aid program to steal their personal information, payment details, and money. Federal Student Aid is a debt relief program announced in August 2022 that recently opened for applications.
The large amount of applicants present a unique targeting opportunity for cybercriminals, who will use various techniques to trick applicants into falling for fraudulent websites & phishing emails. Users should be on the lookout for phishing emails and SMS messages that mimic the application form for student loan relief. "Cybercriminals and fraudsters may purport to offer entrance into the Federal Student Loan Forgiveness program, contacting potential victims via phone, email, mail, text, websites, or other online chat services" - the Federal Bureau of Investigation. The motive behind the attacks will generally be to steal money from victims, though stolen PII from victims could be used to facilitate other crimes. There's an estimate of 45 million student loan borrowers in the United States, collectively owing $1.6 trillion, meaning cybercriminals have plenty of victims to target.
It is common for cybercriminals to take advantage of current events, which they can use to 'lure in' target victims with phishing emails. During major global events, such as military conflicts, natural disasters, or societal movements, cybercriminals attempt to swindle invested victims. We saw cybercriminals using phishing lures related to the black lives matter movement, hurricane relief foundations, and the war in Ukraine. Preying on victims emotions, cybercriminals craft phishing emails and masquerade as legitimate websites to convince victims to send money or disclose personal information.
The debt relief program's real website at 'studentaid.gov'. Applying for the real federal student aid program is free of charge, so potential targets should pay attention to any requests to pay for enrolling in the program or for processing the application. Furthermore, the real application process does not require users to log into any accounts, nor does it ask individuals to upload any documents, personal or financial, during the first phase of the application.
Requests for additional information and documents will come during the next stage, and beneficiaries will be contacted from these email addresses:
The U.S. government will not distribute notices to program beneficiaries. Therefore, any emails, phone calls, or SMS messages pointing to alleged application forms are attempts to defraud the recipients.
The only official way to apply for the debt relief program is to visit studentaid.gov.
Borrowers are advised to treat incoming communication cautiously and monitor Federal Student Aid's social media channels for updates about the program and, potentially, timely warnings about fraud.
The FTC (Federal Trade Commission) has also posted a warning about the same topic yesterday, offering tips on how to stay clear of scams.