A 25-year-old man was arrested at a Deptford address on Thursday as part of a police investigation into a £1 million online scam that targeted students.
Scotland Yard revealed a criminal network contacted students with student loan accounts, asking them to update their bank account details on a convincing but fake Student Loans Company website.
As unsuspecting students uploaded their details onto bogus web sites, the cyber criminals were able to gain unauthorised access to student bank accounts and extract sums of money ranging from £1,000 to £5,000 at a time, the Metropolitan Police said.
As part of the investigation, detectives have worked closely with the SLC, the banking industry and internet service providers.
Another three men and two women were arrested in relation to the scam at addresses in Stratford, Manchester and Bolton. The suspects were arrested on suspicion of conspiracy to defraud under the Computer Misuse Act and money laundering offences.
Officers also seized a number of computers and associated storage media for forensic examination.
Detective Inspector Mark Raymond from the Police Central e-crime Unit said: “A great deal of personal information was compromised and cleverly exploited for substantial profits. We have disrupted a suspected organised group of cyber criminals and prevented further loss to individuals and institutions in the UK.”
The SLC warned students on Tuesday not to reveal their personal banking details online. It assured students the SLC would never ask students to update their bank details or student account details via email.
Heather Laing, Student Loans Company’s Fraud Manager, said: “Fraudsters could steal your details when you transact online. They do this by tricking you – making you believe you’re sending these details to the Student Loans Company. In fact, the details could be going straight to the fraudsters instead – even if it looks like you’re on our website. To defend your personal details, you need to use antivirus software and a firewall.”
The scamming technique, known as phishing, is an attempt to obtain confidential details such as usernames, passwords and bank account details by posing as a legitimate company, usually via email.
Further tips for students on how to avoid becoming a victim of internet fraudsters can be found in this article EastLondonLines published in October.