A Phishing Example

My daughter received an innocuous e-mail from the Canadian Student Loan Services (or so she initially thought), asking her to send  a form in to confirm that she is still at school, so that they wouldn’t start charging interest on her student loans. It ended up being yet another  Phishing example or if the victim is richer a Spearphishing example.

At first blush the letter seemed fairly normal (a bad phishing example) , until you start unraveling a few facts:

  • She had already received her student loans for this term, because she had already filled in forms for OSAP (Ontario Student Assistance Program)
  • In the e-mail there is no mention of a Canada Post mail address (no post office box or nothing), which is very odd for a “Government Agency”, not to include.
  • The phone number is also a problem (highlighted in Yellow I hope, and the real number not included), because the area code is 807, normally a government agency uses either 1-800 numbers or other toll-free numbers, but 807 is not a toll-free number.
  • The e-mail return address is also a give away (in green) if you look closer, because NSLSC is actually the correct acronym, however, all federal government domain names include their translated acronym in the domain name (in fact the real domain is csnpe-nslsc.cibletudes-canlearn.ca )

The actual e-mail received

From: do-not-reply <do-not-reply@nslsc.ca>
Date: September 20, 2016 at 11:08:48 AM EDT
To: Little Cajun Daughter
Subject: Urgent Information from the National Student Loan Service Centre

 Phishing Example

This message is intended for Little Cajun Daughter

Our records indicate that your period of study ended as of April 30th, 2016.

Currently, you are in your 6 month grace period which will end on October 31st and your first payment will be due on November 30th, 2016.

If you are continuing your studies on a full time basis in Ontario this September please visit your Financial Aid Office and ask for them to complete a Continuation of Interest Free Status form for your OSAP loan.

If you will be continuing your studies on a full time basis outside of Ontario this September please print a Continuation of Interest Free Status form from OSAP’s website and have your school complete the form.  Once completed please fax the form to OSAP at 807-XXX-XXXX.  Please visit the following link to obtain the Continuation of Interest Free Status form from OSAP: https://osap.gov.on.ca/prodconsum/groups/forms/documents/forms/tcont003388.pdf.

If you have completed your studies or will not be continuing full-time studies in Ontario this September we will be mailing you a Consolidation Agreement in October to advise of your repayment details and options.  No action would be needed on your part until November.

Regards,

The Team at the National Student Loans Service Centre

But Why would some nefarious “baddy” want a new grad’s information? If you look at the form they want you to FAX to their “phone number”, the first line of the form is your Social Insurance Number, and then the rest of the form is easily enough information to create a complete identity (or more correctly steal an identity). New Grads and students may not be the best folks to Phish, they could pay out later?

Anyhow, hopefully some of these simple tips will help you not be the victim of those nefarious bad folks out there, attempting to Phish your identity. Use this as a good phishing example.


About Author:

What do you think?