Weekly Threat Report 15th September 2017

Created:  15 Sep 2017
Updated:  15 Sep 2017
NCSC building with logo
We would like your feedback on the Weekly Threat Report. Please send us your thoughts, suggestions and queries using our 'Contact Us' page.
This report is drawn from recent open source reporting.

Phishing scam targeting UK university students

Media reporting earlier this month highlighted a warning by Action Fraud of a phishing campaign against university students. The scam involves fake emails claiming that the Student Loans Company have suspended the victim’s account. Victims are asked to provide credentials and bank account details, which is used to carry out identity theft and fraud. 

Cyber criminals often seek to exploit seasonal events, such as the start of university terms, or current affairs to raise revenue through scams. Campaigns targeting students have been carried out for several years. In 2011, six people were arrested over a £1m phishing scam in which money was stolen from the hacked bank accounts of hundreds of students, with emails inviting students to update details of their loan arrangements. In 2013, a man was jailed for his involvement in a £1.5m phishing scam, which used a similar methodology.

Action Fraud’s alert provides advises anyone receiving a scam email to forward the message to in addition to reporting it to Action Fraud. The NCSC website provides advice for small businesses on avoiding phishing attacks.


Equifax data breach

Equifax has confirmed it was the victim of a data breach between May and July 2017. Equifax, based in the US, is one of three large credit scoring agencies used by companies to check the credit worthiness of customers. It has stated that the records of up to 143 million Americans may have been accessed during the breach – these records reportedly include names, social security numbers, dates of birth and other personally identifiable information (PII). The extent of the impact on UK individuals is not yet clear; however, Equifax has confirmed that limited PII of UK citizens has been exposed.

Equifax is yet to confirm how the compromise took place, with investigations into who was responsible for the breach still underway. Both criminal groups and nation state actors have been responsible for a number of recent, significant data breaches. Cyber criminal groups are increasingly capable of identifying and extracting data of value from large data sets, categorising it and presenting it in a way that can be used to make money. Alternatively, this ‘cleaned’ data can be sold on criminal forums for other actors to exploit. Nation state actors are also highly capable of mining large data sets, often for espionage rather than financial motivations. UK citizens are reminded to remain vigilant against possible fraud attempts following this breach.

Read the latest NCSC statement on the Equifax incident.


The Cyber Security Information Sharing Partnership (CiSP) is a great way of learning more about threat information as well as engaging with industry and government counterparts. Follow the link below for more information.

Join CiSP

Was this report helpful?

We need your feedback to improve this content.

Yes No