In October, federal student loan payments restarted, with some borrowers only now resuming payments after a nearly three-year, pandemic-driven hiatus.
With the pause on student loan payments ending, cybercriminals are exploiting confusion about loan forgiveness to reach new marks. A quick glance at the gargantuan totals for U.S. student loan debt, which today stands at $1.75 trillion in both federal and private loans, explains why scams targeting borrowers are on the rise.
Student loan scams run according to a simple playbook, says Ally Armeson, executive director of programs at the Cybercrime Support Network. Scammers contact an individual, promising help getting rid of or consolidating student loan debt. In return, they
typically ask either for an upfront fee or for personal information that can later be sold on the dark web.
“We see that when there’s something big in the news or something going on in the world, criminals will shift their bait to manipulate your emotions.”
—Steven Estep, ICBA
The changing face of student loan fraud
With the help of technology, including generative AI, financial scams now come in many shapes and sizes. Emails, texts, Facebook and Instagram messages, phone calls, and the U.S. postal service are all ways to perpetrate these scams.
Whether executed through social engineering (convincing someone to act against their best interests) or phishing (messages purportedly from a reputable company but designed to get personal information or money), student loan scams are a hot opportunity for bad actors.
The fact that there was so much media discussion about loan forgiveness makes the scams that much easier to land.
“We see that when there’s something big in the news or something going on in the world, criminals will shift their bait to manipulate your emotions,” says Steven Estep, assistant vice president, operational risk for ICBA. “When
you’re talking about what could be hundreds of thousands of dollars, that’s a good way to get people to react in ways they might not normally react.”
Scam-proofing your customers
“Student-debt relief is an emotional topic,” says Suzanne Sando, senior analyst, fraud and security, for Javelin Strategy & Research. “Many of us have been paying our loans with high interest for such a long time that the idea of some semblance of debt relief leads to a sense of urgency.”
Knowing the psychology of debt, scammers encourage their prey to act quickly before doubt can creep in. For this reason, says Sando, a heightened sense of urgency in a message is a red flag.
More sophisticated scams exist, too, falling under the umbrella of “spear phishing.” Here, she says, a bad actor researches a particular individual, quoting certain nuggets of information designed to make an offer look legit. Harder to carry out, these scams have the advantage of higher success rates.
Although most community banks don’t issue student loans themselves (and only an estimated 8% of all student loans are privately issued), bankers often feel a duty to educate their customers to prevent them from being harmed by cybercriminals.
Instructing customers to trust their instincts is Sando’s number-one piece of advice.
“The first and most important thing is that if something feels off, it likely is off,” she says. “If there ever is a question of legitimacy, it’s best to stop, take a breath and reach out. There’s never shame in asking for
The total amount of federal and private student loan debt in the U.S.
Well before a cybercrime occurs, community banks can take preventive steps to keep customers safe. For instance, Sando advises bankers to make their websites “a hub where consumers can go to easily find information when they suspect something is wrong.” Prominently posting your bank’s contact information helps, too.
Community bankers can also educate customers on good cyber hygiene—everything from regularly updating passwords to using multifactor authentication and never clicking on a link without first checking the source.
Another kernel of wisdom comes from the Federal Trade Commission (FTC): “Don’t give away your FSA ID login information.” Only scammers would ask for Federal Student Aid (FSA) login information, says the FTC, and “if you share it, the scammer can cut off contact between you and your servicer—and even steal your identity.”
“The fact is,” says Armeson, “we live in a day and age where if you’re getting any kind of unsolicited communications—text, email, calls and/or mail—you need to verify before giving any money or personal information. Artificial intelligence is also making it easier for communications to look legitimate.”
If a customer does end up providing information to a suspicious link, Armeson recommends they go to their bank’s official website and change their password in addition to notifying their bank.
Depending on what’s occurred, notifying the FBI may also make sense, and the FTC encourages contact through reportfraud.ftc.gov.
Student loan debt is arguably the cybercrime du jour, but the landscape keeps changing.
“Right now, student loans are just the bait that cybercriminals are using, but that won’t always be the case,” concludes ICBA’s Estep. “In a couple of months, it will be tax season, and there will be a bunch of those scams, too.”