According to reports, 42 million people owe US$1.3 trillion in student debt in America today. With most of these student loans being government-backed, the student debt industry in America is big business and estimated to be worth $140 billion annually.
Scammers globally have been quick to take advantage of the desperate plight of graduates struggling with student debt by preying on them with seductive offers, such as student loan forgiveness. In recent research into the activities of the Ascesso (aka Tofsee) malware family (Trojan.Ascesso), Symantec observed several spam runs attempting to send out thousands of student loan forgiveness scam emails.
Student loan scam spam
Figure 1. Example of a student loan forgiveness spam email sent from Trojan.Ascesso
The student loan scam spam comes in a variety of forms but typically offers a reduction in student debt, consolidation of debt, or student loan forgiveness. The scam emails will entice readers with offers that seem, and are, too good to be true, such as qualifying for zero payment or having their entire loan forgiven. Others may try to charge for services that can be accessed for free from the government, your lender, college, university, or other sources.
In some examples of these types of scams, victims have reported calling the number listed and being told they qualify for financial help. The victims are then told they must purchase an iTunes card for hundreds of dollars as an ‘application fee’ and receive further requests for more cash.
The US government does run assistance schemes to help people manage their student debt, but there is no fee to apply for those schemes. A request for an upfront fee is one of the most common signs that the offer is a scam.
The Ascesso (aka Tofsee) malware family is a modular Trojan first seen by Symantec in 2007. The threat’s main purpose is spamming. It is known to be spread via social-engineering techniques, exploit kits, and spam. Over the years, Symantec has identified several new variants of this malware family with extended capabilities to download additional malicious plugin components. These components have allowed for increased crimeware activities, which include the download of other malware, distributed denial of service (DDoS) attacks, Bitcoin mining, click fraud, and data stealing.
Customers of Symantec’s Cloud email security service are protected against these spam messages. Symantec and Norton products detect samples of the Ascesso malware family through the following detections:
Intrusion prevention system