Newcastle University warns students against scam site

published 21 July 2017

Newcastle University has been forced to warn prospective students of a fraudulent website scammers are using to harvest passport details, personal information and credit card numbers.

The site purports to be run by 'Newcastle International University', but no such educational establishment exists. Instead, it's a fake site mocked up to mimic the real university website, including pages on admissions FAQs, course details and school news.

As well as harvesting students' personal information, including names, dates of birth, email addresses and even passport numbers, the site also accepts online payments for courses.

The real Newcastle University released a statement on Twitter, confirming that it is not affiliated with the site and advising students to only use Newcastle University's genuine website.

"We've reported it to the hosting company, the organisation which provides the domain name, and the non-profit standards organisation, ICANN (The Internet Corporation for Assigned Names and Numbers)," the University told IT Pro in a statement. "The University is working with National Cyber Crime Police team, and the case has been registered with the cyber security team in the National Crime Agency."

"We would urge any students not to access this site and go to our official site: www.ncl.ac.uk or call the University's general number if they have any queries."

The fraudsters have managed to concoct an unusually sophisticated trap, according to RSA's EMEA advanced cyber defence practise director, Azeem Aleem. "Make no mistake, this is an effective scam," he said. "They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks."

"Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn't want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site."

In fact, even seasoned professionals may be fooled on first glance. When compared side-by-side with the real Newcastle University website (see main image), one could argue that the fraud site is actually the more professional-looking of the two - although there are some telltale giveaways on closer inspection, such as spelling and grammar errors, and poorly-sized images.

Five giveaways that show an email is a phishing attack University of Greenwich students’ data leaked online Newcastle City Council blames human error for data breach

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.

Get the ITPro daily newsletter