Scammers are sending out student loan forgiveness spam mail in an effort to distribute Ascesso malware to unsuspecting users.
Fraudsters have launched various spam runs to capitalize on the plight of American college graduates who collectively owe more than $1.3 trillion (and counting) in student debt.
One such campaign from “Student Help” offers to assist recipients with their student loans.
To add a touch of legitimacy, the spam mail frames itself as a response to an inquiry the user allegedly made into student loan forgiveness sometime in the past.
The scammers don’t provide any details into how their services could allegedly help a recipient with their student loan payments. They do say, however, that they could work to garnish the user’s student debt with their tax refund in preparation for tax season.
The above message is one type of spam mail used by the scam group to reel in victims, but it’s not the only one.
According to Symantec Security Response:
“The student loan scam spam comes in a variety of forms but typically offers a reduction in student debt, consolidation of debt, or student loan forgiveness. The scam emails will entice readers with offers that seem, and are, too good to be true, such as qualifying for zero payment or having their entire loan forgiven. Others may try to charge for services that can be accessed for free from the government, your lender, college, university, or other sources.”
Regardless of its form, each spam campaign leads to the same destination: Ascesso, a type of modular trojan which circulates via social engineering, exploit kits, and spam. The malware enables actors to launch secondary attacks, including malware campaigns, distributed denial-of-service (DDoS) offensives, and more.
To protect against student loan spam mail, users should pay attention to the sender and verify that they actually inquired about student loan forgiveness with that entity.
It’s also a good idea to stick with a student loan forgiveness program offered by the U.S. government, as you can trust those services are legitimate and won’t ask you for a fee.