Fraudsters earn big by spoofing UK Universities’ web domains

Fraudsters earn big by spoofing UK Universities’ web domains

Iranian hacker group spoofed websites and login pages of 74 universities

Cyber criminals are raking in hundreds of thousands of pounds by spoofing domains of well-known UK universities and then using such fake domains to defraud British and European supply companies out of vast sums of money, Action Fraud has warned.

Domain-spoofing is not a recent phenomenon but has been used by cyber criminals frequently over the past decade to defraud unsuspecting customers, clients, or students out of vast sums of money. This kind of spoofing involves cyber criminals creating fake domains that look pretty much like those of genuine organisations at first glance, thereby fooling visitors to fake websites.

UK Universities’ domains spoofed for financial gain

Action Fraud has sounded a fresh alert about an elaborate domain-spoofing operation carried out by cyber criminals who have chosen to mimic domains of well-known UK universities. Once the fake domains have been created, they are being used to defraud British and European supply companies out of vast sums of money.

“Fraudsters are registering domains that are similar to genuine university domains such as, and These domains are used to contact suppliers and order high-value goods such as IT equipment and pharmaceutical chemicals in the university’s name,” the watchdog said.

Once the suppliers receive such e-mails from the fraudsters, they send over quotations and receive purchase orders with delivery addresses in return which look very similar to real university purchase orders. The suppliers then deliver the requested products such as IT equipment and pharmaceutical chemicals to the mentioned address but do not receive any payment in return.

According to Action Fraud, fraudsters behind the operation have caused losses of over £350,000 to unsuspecting suppliers. “This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar,” said Pauline Smith, director of Action Fraud.

“This is a pretty low tech attack where the criminal sets up lookalike domains to the University, the premise is similar to a Business Email Compromise attack, except that, impersonation not compromise has taken place,” said Andy Norton, director of threat intelligence at Lastline.

“The best defence for organisations Is to have robust policies and procedures that ensure a second pair of eyes validates business transactions and the shipment of goods, services or payment,” he added.

Not the first domain-spoofing scam targeting universities

A similar yet highly-publicised domain-spoofing scam took place around the same time last year that involved fraudsters spoofing Newcastle University’s website and creating a fake website featuring identical course details as the original Newcastle University website to lure unsuspecting students.

The fake website featured a ‘Newcastle International University’ banner and offered visitors details on admission procedure, course details, and university news. The site also asked prospective students to pay admission and course fees on the website itself aside from sharing their personal details.

Students looking to apply for courses at the Newcastle University were also prompted by the fake domain to share their names, dates of birth, email addresses, and passport numbers.

Azeem Aleem, Director for Advanced Cyber Defence Practice EMEA at RSA, then said that the domain-spoofing scam focussed on overseas students who did not have the local knowledge to spot the difference between the fake site and Newcastle University’s official website.

“Make no mistake, this is an effective scam. They’ve put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks.

“Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn’t want to fall into the wrong hands,” he said.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]