Scam Watch: student loan fraud warning

Scam collage

The police have issued a warning about scams targeted at students, following the conviction of a man jailed for a £1.5 million student loan scam.

Olajide Onikoyi, a 29-year-old from Manchester, used a phishing scam to trick students into handing over their passwords online.

Fake emails were sent to potential victims inviting them to click on a link to update their student loan details. But the website was fake and Onikoyi used the personal details he collected to access their bank accounts and withdraw large amounts of money.

In total, £393,000 was laundered from 238 victims and one victim had £19,000 stolen from their bank account.

Detective Chief Inspector Jason Tunn of the Met Police's Cyber Crime Unit said: "My officers worked doggedly to secure Onikoyi's conviction. They examined numerous leads to identify members of this phishing gang, of which Onikoyi was a key member.

"He played a significant role in the scam by systematically targeting British students and UK financial institutions in order to steal large amounts of money that were then dispersed across numerous bank accounts."


When police seized Onikoyi’s computer they found evidence of conversations he had been having with criminal gangs in Russia, Lithuania and across the UK.

Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords. Criminals send bogus communications (such as emails, letters, instant messages or text messages) that appear to come from legitimate organisations.

But the links within these communications direct you to a hoax website where your login or personal details may be requested and your computer, tablet or smartphone may also be infected with by viruses.

Once your personal details have been accessed, criminals can use the information to commit fraud such as identity theft and/or bank fraud.

How to check if you’ve been subject to a phishing attack

Be aware and pro-active: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details (or a contact number) tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm the message is genuine.

Use your spam filter: If you detect a phishing email, mark the message as spam and delete it. This ensures that the message cannot reach your inbox in future.

Know your source: Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking embedded links can provide verification of your active e-mail address.

Once this occurs it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the e-mail is from a trusted source and you are, in fact, subscribed to the service.