Threat Alert: Phishing Attacks Use Student Loan Forgiveness Lure

• Phishing attacks using potential eligibility for student loan forgiveness as a lure have been identified.
• The phishing emails use the recipient’s name in the email subject line and the recipient’s address in the email body to increase perceived legitimacy.
• While the emails try to appear legitimate, they come from free Hotmail sending addresses.
• The lures tell recipients they must call a provided number within a day for potential loan forgiveness.
• Calling the number connects recipients to a cybercriminal-controlled call center that can lead to follow-on crimes, like financial fraud or malware deployment.

Key Action: Report Suspicious Emails 

• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
• Beware of “too good to be true” offers. Cybercriminals know recipients are likely to be tempted by lures promising amazing offers—like student loan forgiveness. When offers like this are paired with a looming deadline, they are almost certainly a scam.
• Report ANY suspicious emails using the Phish Alarm button.