Young and extreme: how scammers cheat students before September 1st
Fraudsters may use various schemes to deceive students before September 1, experts have warned about this. Earlier, the Ministry of Internal Affairs revealed various tricks of scammers directed against university applicants; however, those who have already enrolled in educational institutions often become targets for intruders. For more information about what schemes scammers can use to deceive students before September 1, how dangerous they are and how to protect themselves from them, see the Izvestia article
Why are Russian university students interesting to scammers
Fraudsters are interested in students as another opportunity to expand the reach of potential victims, says the director of the Solar AURA Monitoring Center for External digital threats (Solar Group) in an interview with Izvestia Igor Sergienko. University students, who until recently were under the full care of their parents, are not as independent and have less experience in the social sphere than adults, which makes them vulnerable to scams.
"Scammers are especially interested in young people with limited digital skills or insufficient experience in dealing with government agencies," says Alexandra Shmigirilova, GR director of the Security Code information security company. — They may be more easily persuaded by more "experienced" interlocutors.
Students use a variety of online services and generally spend a lot of time in the digital space, which provides more entry points for fraudsters, adds Maria Mikhailova, head of the Angara SOC brand protection group. First-year students who are under stress before coming to university may not know all the details of paperwork or how educational institutions work, which scammers can take advantage of.
What schemes of cheating students should be expected in 2025
Recently, against the background of the development of artificial intelligence (AI), fraudsters can use deepfakes to call students on behalf of, for example, teachers or university administration, Maria Mikhailova believes. The purpose of such schemes is an attempt to steal personal data and funds of potential victims.
"Hackers can also fake the profiles of teachers or supervisors of first—year students on social networks to spread fraudulent schemes,— predicts the Izvestia interlocutor. — Another possible scenario is to use the topic of scholarships and tuition fees.
As part of it, students can receive calls from "responsible experts" under the pretext of "recalculating" scholarships, "tax deductions" or "reducing the amount of tuition fees," says Maria Mikhailova. It is also possible that attackers will distribute malicious software under the guise of a "university Mobile application" or an "Attached schedule." In 2025, there is a clear shift in the vector of attacks towards messengers and, above all, Telegram, adds the data analyst of the Coordination Center of domains .RU/.Russian Federation Evgeny Pankov. So, according to the Domain Patrol project, in the first half of the year, the number of phishing domains masquerading as Telegram increased 3.6 times — from 925 to 3386.
"Telegram remains a popular messenger both for personal communication and for official communities, and this makes it especially attractive to scammers," the expert notes. — Therefore, we can expect that it is here that students will be attacked more often.
According to Evgeny Pankov, the scenarios can be different: for example, scammers can create fake "groups of first-year students" and, on behalf of the dean's office or the admissions committee, demand urgent payment for a dormitory or an "additional tuition fee." But even in real groups or student chats, there are risks: hacked accounts can be used to sell fake certificates, student initiation tickets, and other events.
What schemes of cheating students have previously been found on the Web
In previous years, fraudsters used schemes in which students, allegedly on behalf of the dean's office, were offered to replace credits and register through "Public Services" in various services, for example, the state information system "Modern Digital Educational Environment" (GIS SCS), says the director of the monitoring center for external digital threats Solar AURA in an interview with Izvestia (Solar Group of Companies) Igor Sergienko. In fact, the links to these portals were phishing.
—For a long time, experts from the Angara SOC brand protection department have been noting the increased attention of intruders to students who have access to the Gosuslug portal," agrees Maria Mikhailova.
In particular, according to the expert, from the end of 2024 to the beginning of 2025, before the winter session, numerous cases of calls were recorded to parents of first-year students, and then to the students themselves, with demands on behalf of the administrations of educational institutions to connect to the "Unified Student and Student Portal" or update a certain "Digital Educational Profile". allegedly linked to the Gosuslugi portal.
In addition, the experts identified phishing sites hiding under the big names "Unified Assessment and Control System", "Multidisciplinary Assessment and Control System", "State system for checking and accounting for student achievements", and also identified the patterns by which they are created. All these resources were promptly blocked by specialists from government agencies.
— During the admission campaign in 2025, fraudsters changed tactics and shifted attention from students to applicants, posing as admissions officers, — says Maria Mikhailova. — Applicants were lured out of money and personal data under various pretexts, reporting hacking of accounts on the Gosuslugi portal and offering to transfer funds to a "secure account".
Later, the attackers returned to attacking students: on behalf of the "rector" or "vice-rector" of the university, they were warned about funds of questionable origin entering the bank account. This was followed by a call from the "security supervisor" asking them to turn on the screen display when logging into the online bank. The goals of all attacks on students are similar: obtaining personal data and access to the Gosuslugi portal, as well as financial benefits, the specialist emphasizes.
How can students protect themselves from fraud attacks
Fraud schemes directed against university students are dangerous because, in the event of a successful attack, the victim may lose money, both his own and his parents' personal data, and may also be involved in various kinds of illegal activities, including sabotage and terrorist acts, Igor Sergienko says in an interview with Izvestia..
"The danger also lies in the psychological consequences: deception can cause a serious blow to the psyche of young people,— emphasizes Evgeny Pankov. — Becoming victims of fraudsters, they often feel a strong sense of guilt, which can lead to serious consequences, including suicide attempts.
In order to protect yourself from attacks by scammers, in any situation it is necessary to critically evaluate information and not give in to panic, since one of the tasks of intruders is to bring the victim out of psychological balance and provoke hasty actions, the head of BI notes.ZONE Brand Protection Dmitry Kiryushkin.
When considering offers of help in exam preparation, it is important to always check website addresses, as phishing resources often mimic real domains. You also need to pay attention to connection security, browser warnings and security systems, be wary of big discounts, and check reviews for tutors on third-party resources.
"Cyber literacy training also plays an important role: special lessons will help you better understand the risks and behave more responsibly in an online environment," concludes Dmitry Kiryushkin. — It is necessary to maintain a sound approach, carefully analyze the tutors' data from the exam preparation announcements. Take into account the number of teacher's grades, confirmation of his personality and professional experience.
Переведено сервисом «Яндекс Переводчик»
