College students beware.
On September 29, 2020, the Federal Bureau of Investigation issued a private industry notification warning universities and students of ongoing spear phishing attacks that have allowed thieves to successfully redirect financial aid funds into various Green Dot* bank accounts.
These spear phishing campaigns usually coincide with periods where large volumes of financial aid funds are disbursed, such as at the beginning of a school term, and the attacks are expected to continue into 2021.
The phishing emails fraudulently obtain student login credentials, allowing cyber actors to gain access to and change direct deposit information. Funds are withdrawn and quickly transferred to accounts around the world.
After the funds have been successfully disseminated by the financial aid provider to the "new" bank account, the student suffers a financial loss that results in insufficient funds to pay tuition or other student needs (i.e., books, housing, meal plans, etc.).
Students, remember to never click links or open attachments in unexpected emails without first inspecting links and validating the sender. Do not enter credentials on a web page that you were redirected to from an email message—especially for sensitive accounts.
As a rule, I ignore login links sent by my bank; instead, I go straight to my web browser to log in using the bank's known URL, not the URL provided in the email or attachment.
*Green Dot Corporation is an American financial technology and bank holding company. It provides customers affordable debit accounts and offers businesses an all-in-one platform for building banking into their brand.