Saturday, August 7, 2021

US Federal Student Aid Warning

FAFSA Phishing

New US Federal Student Aid Warning 

August 8th, 2021

By Dominic Alvieri


US Federal Student Aid Phishing


Back to school is a stressful time for most, more so with sky-high tuition costs and the financing of those rising costs. FAFSA is an office of the Department of Education and assists in Federal Student Aid.

FAFSA is under a phishing warning. Several new malicious fake FAFSA login sites have appeared. 




 
Warnings are great but what if you don't get one?

New phishing site fafsa-login[.]net


First step phishing at fafsa-login[.]net



The site first redirects users to the "VPN Update" shown below.





Then take immediate action...





Further research showed that the redirects cycled through a registry, and not every visit reached the same site or payload. There is no zero-click danger here: interaction is required, as is the case in most malicious takeovers and malware applications delivered via malspam.

Other detailing information about you or your device?

Another fake FAFSA appeared last night:

fafsalogin[.]net


Fake fafsalogin[.]net


Interaction is required again. The biggest fear is that one day one of these cyber criminals will be able to construct a zero-click for one of these sites. A viral video would go far to spread the malicious activity.

Are there any warnings for others that may be springing up? The new registration below is inactive but potentially dangerous. Namecheap has done a great job of suspending malicious registered domain activity.



The official FAFSA website is fafsa.gov

Always use official sites and go directly to the site, app or account in question.
Check the URL and links.
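
The URL check above can be automated on the defender's side. This is an added example, not code from the original post: it classifies destinations from a proxy or DNS log as the official fafsa.gov, a lookalike carrying the brand name, or unrelated. The function names, the brand token and the sample entries are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "fafsa.gov"  # the official site named in the article
BRAND = "fafsa"         # brand token to watch for (assumption for this example)

def hostname(entry: str) -> str:
    """Extract a lowercase hostname from a URL or bare domain, defanged or not."""
    text = entry.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare domain as a network location
    return (urlsplit(text).hostname or "").rstrip(".").lower()

def classify(entry: str) -> str:
    host = hostname(entry)
    if not host:
        return "unparsed"
    # Official only if the host IS fafsa.gov or ENDS with ".fafsa.gov".
    # A substring test would wrongly accept hosts that merely contain the name.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand token anywhere else in the host, with hyphens ignored.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unrelated"

def flag_lookalikes(entries):
    """Return (entry, hostname) pairs that deserve review or blocking."""
    return [(e, hostname(e)) for e in entries if classify(e) == "lookalike"]

# Constructed sample: destinations as they might appear in a proxy or DNS log.
SAMPLE = [
    "https://fafsa.gov/",
    "https://www.fafsa.gov/apply",
    "fafsa-login[.]net",                # domain reported in the article
    "hxxp://fafsalogin[.]net/login",    # domain reported in the article
    "https://fafsa.gov.example/login",  # constructed: official name as a left-hand label
    "https://example.org/news",
]

if __name__ == "__main__":
    for entry, host in flag_lookalikes(SAMPLE):
        print(f"REVIEW {host}  (from {entry})")
```
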

Stay safe.


The Cyber Show by Dominic Alvieri



Twitter @AlvieriD

Not on Facebook
