Build Customer Trust by Protecting against Financial Aid Cybercrimes

Hunter Smit Miniatur
Hunter Smit
Published April 10, 2023

Last year, as my wife started her doctoral program, she began to receive a series of financial aid phishing email attempts. While broadly targeted, they tried to be professional, using comparable branding, a similar domain name, and a call to action; however, they were unsolicited, and the call to action was urgent. After a close look, they were phishing attempts. While she quickly hit "Report as Phishing" in Microsoft Outlook and deleted the emails, it got me thinking about the impact of financial aid scams.

In the United States, approximately 43 million individuals carry a median student loan balance of around $37,000.00. According to the National Center for Education Statistics, nearly 80% of students receive financial aid. With a substantial population carrying student loans and receiving financial assistance, bad actors see this sizable market as a prime target. Forbes reported student loan scams surpassed $5 billion in 2022. Fraudulent metrics are not just depressing statistics; they impact actual people: recent graduates seeing a disruption in their early-career foundation as they enter the workforce.

Risks for Servicers and Borrowers

Student loan servicers commonly see four types of risks associated with student loan and financial aid fraud:

  • New Account Opening Fraud
  • Account Takeover
  • Identity Theft
  • Fraudulent Claims

All four risks result in numerous shared consequences; however, the two consequences with the most significant business impacts are customer trust and attack-related costs. Trust between borrowers and lenders is damaged when borrowers suffer from unauthorized account behavior, fraud, or identity theft associated with a brand. Post-incident, trust is painstakingly difficult and time-consuming to rebuild. Likewise, if attacks are successful, the recovery efforts are enormously expensive for the organization. These are often nightmare scenarios.

Borrowers are heavily targeted by criminals with scams for student loans, loan consolidation, and debt relief. Cybercriminals prey on students, like the phishing attempts my wife received, predicting they will mistake them for official services and either authorize account access or provide PII. In a notice issued by the FBI in October 2022, the Bureau warned borrowers that cybercriminals are targeting graduates offering fraudulent United States Student Loan Debt Relief Plan application assistance.

Taking the Daunting and Making it Ridiculously Easy

In 2022, a Canadian government entity faced an alarming set of distributed denial-of-service (DDoS), bot, and fraud problems for student financial aid and COVID-19 pandemic relief. When this organization contacted F5 to assist in mitigating these attacks, we began an extensive proof of concept for F5 Distributed Cloud Services. The proof of concept allowed them to see the importance of complete security visibility across their applications, showcasing advanced signals to uncover fraudulent application traffic.

During the proof of concept, we found data irregularities pointing to substantial fraudulent claims and account behavior. Upon discovering alarming results, we immediately alerted their cybercrime operations team to present the findings to their CISO and other key leaders within the security organization. After this briefing, the CISO emailed F5 applauding the research saying the following:

"The way you’re presenting is the clearest and crispest way to present this type of data I’ve ever seen in my 33-year career."

Today, this government organization is protected and is always several steps ahead of attackers. Using F5 Distributed Cloud Bot Defense, they stopped over $3 million in fraudulent claims. Their takeaway was a rapid, seamless ability to deploy a robust service to solve and prevent future fraud. One of the best outcomes was increased protection and peace of mind at night for the security team and consumers.

The F5 Distributed Cloud Platform protects applications from bot and automated attacks across multi-cloud, on-premises, and edge environments—managed by a single portal. Security professionals can deploy DDoS mitigation against volumetric attacks, mitigate bots in real time, and protect accounts using powerful AI for fraud protection and authentication intelligence while removing login friction for legitimate returning customers.

Share These Tips to Help Protect Your Student Loan Borrowers

Students and graduates should maintain robust digital hygiene for online accounts. As attackers commonly utilize credential stuffing and brute force attacks, borrowers and financial aid recipients can take action to minimize the likelihood of unauthorized account access by focusing on passwords, multi-factor authentication, and keeping contact information updated.

  • Resist the Phish: Most attacks will start with a simple phishing email. It is essential to educate your borrowers to be suspicious of loan forgiveness offers, or someone pretending to be from their university asking for information like their FSA ID and password.
  • Passwords: For now, passwords are not going away. So, if you have to use them, then use strong, unique passwords, regularly change them, and consider using a password manager. According to, a simple password like mycollege1 could take a computer algorithm around one day to crack; however, a randomized password such as dwf19g-3Y&es-cBE@!s could take more than a lifetime. Encrypted password managers ensure one doesn’t need to remember lengthy, randomized passwords. Password managers like iCloud Keychain from Apple and 1Password can suggest and autofill, making everyone's lives a little easier. 
  • Multi-Factor Authentication (MFA): If a password is leaked and used during a credential stuffing attack, MFA becomes a vital next defense. MFA ensures a second, one-time generated code is required to complete a sign-in attempt. Several multi-factor authentication apps are available, including ones offered by Apple (built into macOS and iOS with iCloud Keychain), Microsoft (Microsoft Authenticator), and 1Password.
  • Contact Information: As life becomes busy, it can be easy to forget who has an old mailing address, phone number, email address, and name. Updating contact information can help prevent notices from going unseen and bad actors from utilizing outdated information to gain unauthorized account access.

Adapting Faster than a Retooling Criminal

The shared commitment to cybersecurity between the servicer and borrower is a requirement. Security must be a foundational building block to create trust and minimize the likelihood of future attacks. Let’s keep each other's digital lives safe with proactive security implementation. For lenders and servicers, F5 Distributed Cloud Bot Defense stops criminals from retooling to bypass defenses while keeping your organization ahead of bots, achieving long-term efficacy and zero customer friction. Learn how F5 Distributed Cloud Bot Defense can reduce fraudulent account creation by 92% and credential stuffing attack costs by 96% with a free bot business impact assessment.