As the new school season approaches, scammers target students and their parents. They use social engineering and offers of free school kits and discounts to lure potential victims. As a result, back-to-school scams are gaining momentum.
The Season of Back to School Scams
Cybersecurity researchers discovered a scam campaign that uses PDF files. Under the guise of a helpful back-to-school tips document, attackers distribute a file that leads victims to a malicious website. The file’s first page contains a fake captcha that supposedly screens out bots. The next page has advice for parents and students on returning to school. However, instead of an actual captcha, the document contains a picture that, when clicked, opens a malicious site. This is all done to encourage unsuspecting victims to click on the captcha.
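A defender-side check for the lure described above, as an added example that is not from the original article or the researchers: it lists every URL a click inside a PDF can open, including link annotations packed into Flate-compressed streams, and flags hosts outside an allowlist. The host names, the allowlist and `SAMPLE_PDF` are constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# /URI (...) literal-string form of a PDF URI action; hex-string URIs are not handled here.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def searchable_bytes(pdf: bytes) -> bytes:
    """Raw file plus every stream zlib can inflate (annotations may sit in compressed streams)."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data (for example a JPEG image stream)
    return b"\n".join(parts)

def link_targets(pdf: bytes) -> list[str]:
    """Every distinct URI a click inside the document can open, in order of appearance."""
    found = []
    for m in URI_RE.finditer(searchable_bytes(pdf)):
        uri = re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")  # undo PDF escapes
        if uri not in found:
            found.append(uri)
    return found

def unexpected_links(pdf: bytes, allowed_hosts: set[str]) -> list[str]:
    """URIs whose host is neither an allowed host nor a subdomain of one."""
    flagged = []
    for uri in link_targets(pdf):
        host = (urlsplit(uri).hostname or "").lower()
        if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
            flagged.append(uri)
    return flagged

# Constructed sample: a PDF-shaped fragment, not a real file. One link is stored in
# the clear, the other is a full-page link annotation inside a compressed stream.
_hidden = zlib.compress(b"<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] "
                        b"/A << /S /URI /URI (http://redirector.example/go?id=1) >> >>")
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Subtype /Link /A << /S /URI "
              b"/URI (https://www.school.example/tips) >> >>\nendobj\n"
              b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(_hidden)).encode() +
              b" >>\nstream\n" + _hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for uri in unexpected_links(SAMPLE_PDF, {"school.example"}):
        print("review before opening:", uri)
```

A plain-text search of the file would miss the second link, because it only becomes visible after the stream is inflated.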
Identity theft, ad targeting, and tracking are all potential risks of sharing personal information online. Attackers can use your information for fraudulent purposes, companies may target you with unwanted ads, and your activities may be tracked and used for various purposes. It is also common for scammers to sell stolen information on the Darknet.
A malicious site of Russian origin
As I mentioned above, clicking on the captcha opens a fraudulent website whose address contains the domain “ru” and the text “all hallows prep school uniforms”. In addition, before reaching the actual site, the user is passed through several redirects. The site sets cookies, tracks behavior, and collects data on user interactions. Although, according to the analysis, the target audience is the US and India, 11 of the 13 domains detected were Russian, and two were South African.
These domains were all created in 2020 and 2021 and use Cloudflare name servers.
Seasonal scams
Scammers become particularly active around any seasonal event, whether it’s Black Friday, summer vacation season or Christmas. The following are the most common fraudulent schemes. Knowing them can help you prevent unpleasant consequences.
- Identity theft. Scammers can use identity theft tactics to target students and parents. This can involve accessing school databases, creating fake enrollment forms, and posing as educational institutions or retailers through phishing emails. All of this is aimed at stealing personal information and login credentials.
- Deepfake AI scams. With the AI era in full swing, scammers are taking full advantage of it. They use deepfake AI to create convincing voice recordings of school officials and mimic students’ or teachers’ voices to trick parents into making payments or sharing personal information. Usually, these scams take advantage of the trust and urgency surrounding back-to-school activities.
- Shopping scams. As with Black Friday, as the demand for shopping increases, so does the number of scams. Scammers create one-day websites where they sell low-quality goods. In addition, the victim often receives nothing at all after payment. Fake online stores, fraudulent social media ads and phony package delivery emails are common tactics used to steal personal information and payment details, so beware of them.
- Tax-free scams. Scammers offer false promises of debt reduction or forgiveness, or fake scholarships/grants, demanding upfront payments or personal info. Common scams include student loan forgiveness and scholarship/grant scams. Be cautious and do not give out personal information or pay upfront fees. You can verify legitimacy by making a request to the Federal Trade Commission or your state’s attorney general’s office.