In recent weeks, the U.S. student loan market has been in the spotlight – not just for the much-discussed loan forgiveness plan launched by the Biden administration, but also for the segment’s growing prominence as a target of financial fraud.
Indeed, just two weeks ago, it was widely reported that more than 2.5 million student borrowers had been victims of a massive data breach affecting both EdFinancial and the Oklahoma Student Loan Authority. As with many recent financial-institution breaches, this attack originated at a third party: Nelnet Servicing, a large provider of technology services to student lenders. Unknown malicious actors may have gained access to a wide range of account-holder information in June and July of this year, including names, home and email addresses, phone numbers and Social Security numbers. (Nelnet insisted that financial account information was not compromised in this attack.)
As with the recent KeyBank mortgage account breach, news of the massive student loan account compromise was followed by relatively quick legal action. Last Wednesday a class action citing “breach of contract” was filed in Nebraska District Court against Nelnet Servicing, which is based in that state. The plaintiffs are student borrowers who say they were affected by the incident. As with the KeyBank breach and its ensuing lawsuit, the complaint focuses on the apparent delay of more than a month between the third-party service provider (in this case, Nelnet Servicing) discovering the unauthorized access and notifying student lenders that their client-borrowers could be affected.
“When an organization discovers a vulnerability for specific accounts or data, it is most likely related to misconfigured or not fully patched infrastructure or systems,” said James McQuiggan, security awareness advocate at KnowBe4. “Cybercriminals look for these weaknesses and attack systems to get to them quickly. When patches and updates are available for critical systems, it is crucial that organizations quickly fix the risk or fix the system.”
Opportunistic scams emerge after newsworthy events
However, various issues can complicate the risk reduction and remediation process, one of the most important being the pressure to meet regulatory or market requirements. And this is where the student loan industry and its third-party providers are likely to face new challenges.
The recent (and some would say controversial) student loan forgiveness program has catapulted this segment of the U.S. financial services market to the forefront. It has created confusion for some borrowers and pressure for lenders, and consequently new opportunities for astute cybercriminals who recognize a near-perfect environment in which to slip into systems and take advantage of the old and new flows of funds moving between borrowers, lenders, government and other parties.
When significant and newsworthy events occur, in this case student loan cancellation, “certain types of opportunists almost always show up to build scams to capitalize on attention,” according to Tim Helming, cybersecurity evangelist at DomainTools.
“Many of these scams will involve phishing, and one of the main ways to avoid being caught by a phishing attack is to be aware of similar domains and websites,” Helming added. “Threat actors are good at creating domain names that look a lot like legitimate domains and can fool many users.”
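As an added illustration of the lookalike-domain advice above (example code written for this page, not from the article, DomainTools or any lender), the following Python script scores a URL or domain against a short allow-list of legitimate student-loan domains and reports why it looks suspicious: the legitimate name embedded as a subdomain of another domain, the same name under a different TLD, digit-for-letter substitutions, non-ASCII (internationalized) characters, or a near-match by edit similarity. The allow-list, the substitution table, the 0.8 similarity threshold and all sample inputs are constructed assumptions, and the “registrable domain” is taken naively as the last two labels.

```python
"""Flag domains that merely look like legitimate student-loan domains.

Added illustration; the legitimate domain list, the substitution table and
the sample inputs are all constructed here, not taken from any real system.
"""
import unicodedata
from difflib import SequenceMatcher

# Constructed allow-list: the domains borrowers are actually expected to use.
LEGITIMATE_DOMAINS = ("studentaid.gov", "nelnet.com", "edfinancial.com")

# Character sequences that read like another letter at a glance; folding them
# back lets "ne1net" or "rnail" compare equal to the name they imitate.
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                 ("3", "e"), ("5", "s"), ("7", "t"))


def hostname_labels(url_or_domain):
    """Reduce a URL or bare domain to its lowercase DNS labels."""
    host = url_or_domain.strip().lower()
    host = host.split("://", 1)[-1]   # drop scheme
    host = host.split("/", 1)[0]      # drop path and query
    host = host.rsplit("@", 1)[-1]    # drop userinfo ("legit.gov@evil.com")
    host = host.split(":", 1)[0]      # drop port
    return [label for label in host.split(".") if label]


def fold(label):
    """ASCII-fold a label, undo common substitutions and drop hyphens."""
    folded = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    for src, dst in SUBSTITUTIONS:
        folded = folded.replace(src, dst)
    return folded.replace("-", "")


def assess(url_or_domain, legitimate=LEGITIMATE_DOMAINS, threshold=0.8):
    """Return (verdict, reason, legitimate domain it resembles or None)."""
    labels = hostname_labels(url_or_domain)
    if len(labels) < 2:
        return ("unrelated", "no registrable domain", None)
    registrable = ".".join(labels[-2:])   # naive: last two labels
    if registrable in legitimate:
        return ("legitimate", "exact match", registrable)

    non_ascii = any(ord(ch) > 127 for ch in "".join(labels))
    prefix = "non-ASCII characters; " if non_ascii else ""
    name = fold(labels[-2])               # normalised second-level label

    for legit in legitimate:
        legit_labels = legit.split(".")
        legit_name = legit_labels[0]
        n = len(legit_labels)
        # Legitimate name used as a subdomain or label of some other domain,
        # e.g. studentaid.gov.refund-verify.com or nelnet.com-secure.net
        embedded = (any(labels[i:i + n] == legit_labels for i in range(len(labels) - n))
                    or legit_name in labels[:-2])
        if embedded:
            return ("lookalike", prefix + "legitimate name embedded in another domain", legit)
        if labels[-2] == legit_name:
            return ("lookalike", prefix + "same name under a different TLD", legit)
        if name == legit_name:
            return ("lookalike", prefix + "character substitution", legit)
        if len(legit_name) >= 5 and legit_name in name:
            return ("lookalike", prefix + "contains the legitimate name", legit)
        ratio = SequenceMatcher(None, name, legit_name).ratio()
        if ratio >= threshold:
            return ("lookalike", prefix + f"near-match (similarity {ratio:.2f})", legit)
    return ("unrelated", prefix + "no resemblance", None)


if __name__ == "__main__":
    # Constructed sample inputs, as they might appear in a mail-gateway log.
    for sample in ("https://studentaid.gov/login", "studentaid.gov.refund-verify.com",
                   "ne1net.com", "studentaid.com", "nelnet-support.net",
                   "n\u0435lnet.com", "example.org"):
        print(f"{sample!r:40} -> {assess(sample)}")
```

The checks are ordered from the cheapest and most certain (exact match, embedded name) to the fuzziest (edit similarity), so the reason returned is the most specific one that applies; in a mail gateway or proxy, a “lookalike” verdict would typically trigger a warning banner or a block rather than an automatic takedown, since the threshold will produce some false positives on short or generic names.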
On September 14, the Department of Education announced that up to 9 million student borrowers who made at least one debt payment during the pandemic (between April 2020 and March of this year) would be refunded. This wrinkle alone – although a financial benefit for student borrowers – could give crafty cybercriminals a substantial opening to ply their trade with phishing emails and social engineering scams, or with stealthy ransomware and other types of malware, all exploiting these huge changes in the student loan market.
Helming pointed out that while “Ransomware is in the news, phishing losses are still significantly higher, according to the FBI… It’s important to remain vigilant about phishing and its ‘cousins’ such as smishing [text-based phishing].”