News

Latest NSFAS scam asks students to upload their banking details

Luis Monzon

16th February 2023

As applications close for NSFAS, a new scam has popped up looking to steal money from vulnerable students.
The scam seems like an authentic piece of communication from the chief operating officer of NSFAS, but it asks students to send their banking details to a link.
NSFAS advises those that have come across the scam to not click any links or send any financial information.

‘Tis the season, it seems as just a few weeks after applications for the National Student Financial Aid Scheme (NSFAS) have closed, a new scam has popped up aimed at swindling vulnerable students out of their money. This is not the first, nor will it be the last.

Recently, NSFAS revealed that 941 491 applicants have been granted approval for funding, and this number is seemingly fallow ground for threat actors who are circulating a nearly-authentic communication calling for applicants to upload their financial information. The scam has already been identified by the scheme and applicants are warned to beware:

A now-deleted tweet containing screenshots of the scam, published by the official NSFAS twitter account.

Masquerading as a directive from NSFAS’ “chief operating officer,” the scam urges qualifying students to “capture their banking details to facilitate the processing of allowances before 23 February 2023 close of business.”

It supplies a link from Fundi, which is a local education loan provider, but the text contains a hidden link, or perhaps it links to user to a fabricated Fundi web page made to look authentic, which will lead users to plugging in their banking details and having their money stolen.

This latest scam is a form of social engineering, the most common cybercrime, and seeks to trick users by making communication that seems legitimate. Usually, these types of scams are easy to pick out because they contain poor spelling, grammar or language use.

This scam is no different. It uses the word “unaccredited” when it means “accredited” and there are unusual spaces throughout. Other than this, however, it is believable. Especially if you don’t know the workings of NSFAS and are unaware of online security practices (never share your banking information).

Additionally, NSFAS has said that it does not require personal banking details from students to onboard NSFAS bank accounts.

NSFAS does not require your personal banking details to onboard onto the NSFAS Bank Account.

To onboard onto the NSFAS Bank Account, please visit https://t.co/4gk75HosNN or follow updates on our official NSFAS social media pages:
— NSFAS (@myNSFAS) February 16, 2023

If you are an NSFAS applicant and see this email scam. Ignore it. Do not click on any links and just go about your day. Additionally, email scams can be picked out by checking the actual email address of the sender. This is usually hidden by custom-picked names.

Here is an example:

This email is from “support@info2869.freshdesk.com” and not actually from the ZA Office as it indicates. Government institutions like the post office or NSFAS have official servers and won’t be using services like Freshdesk to send out their communications.

[Image – Towfiqu barbhuiya on Unsplash]