University students are increasingly being targeted by fraudsters who exploit financial pressures, part-time job searches and accommodation needs. From fake landlord listings to student finance phishing emails, scams are now a real part of campus life. Our research at PORGiESOFT Security, reveals that students remain one of the most vulnerable demographics to fraud and scams - largely due to financial stress, limited fraud-focused financial education and digital dependence. Understanding the Student Threat Landscape Fraud targeting students typically falls into these key categories: Accommodation scams - fake rental listings or deposits for non-existent housing. Job and income scams - false remote work opportunities or fake recruiter messages offering high pay for simple tasks. Phishing and financial scams - fraudulent emails impersonating Student Finance, HMRC, or universities asking for payment details. Students may also encounter scams through social media groups or online marketpla

QR codes have become a normal part of daily life. We scan them to pay bills, view menus, check into buildings, even access government services. As adoption grows, so too does the opportunity for fraud. Criminals are now weaponising QR codes to deceive consumers, employees and even entire organisations. At PORGiESOFT Security, our Threat Intelligence Function has been monitoring the sharp rise in “quishing” - QR-code phishing - across both public and private sectors. A new entry point for fraud A QR code is simply a digital bridge. It connects a physical environment to a web destination in seconds. Fraudsters exploit this by swapping or overlaying genuine codes with malicious ones that redirect to cloned websites or install malware. In 2024, we detected fraudulent QR codes targeting car-park payment machines, event tickets, and council notices. Some even mimicked NHS vaccine booking links during the pandemic’s later stages. The subtlety of the attack – and public familiarity with scann

What is smishing? Smishing refers to SMS-phishing attacks where scam messages are sent via SMS. Instead of longer scams being delivered via emails, it’s scams being sent via text messages. Such messages usually contain a link and impersonate legitimate organisations. Threat actors use various manipulative techniques to convince and trick recipients of smishing messages. Fig 1 - Legacy smishing message Emerging tactics Smishing messages traditionally used to contain only links, but threat actors have adapted their tactics to include confusing linkless messages that use phone numbers or that ask for one word or letter replies without any URLs included initially. Some recent messages we’ve noticed have only contained one word - “Hi”, once the recipient engages with the threat actors by replying they then send further messages sometimes offering work opportunities or acknowledging a non-existent job application. End Game for Smishing Threat Actors The end goal for threat actors is to piqu

Authorised Push Payment (APP) fraud has emerged as one of the most damaging forms of financial crime in the UK. Unlike traditional scams, APP fraud relies on deception rather than hacking. Victims are persuaded to transfer money themselves - to a criminal account they believe is safe. How APP fraud works A typical case begins with a convincing impersonation: a phone call from “the bank’s fraud team”, an SMS alert, or even a WhatsApp message appearing to come from a family member. The victim is told their account has been compromised and that they must transfer funds “for protection”. Once the transfer occurs, the funds are often dispersed through a web of mule accounts within minutes. The emotional dimension Fraudsters no longer rely solely on technical skill. They exploit emotion - fear, trust, love, urgency - to manipulate and confuse victims. PORGiESOFT Security’s behavioural analysis shows that victims generally report “feeling pressured by authority” during the scam. Why detection

Every year, thousands of people who consider themselves digitally savvy fall victim to scams. It raises an uncomfortable question: if we know fraud exists, why are there still fraud victims? Fraud as psychological warfare Fraudsters craft messages that exploit instinct rather than reason. Their goal is not to outsmart systems but to override our judgment. PORGiESOFT Security’s Threat Intelligence research identifies three recurring emotional triggers in successful scams: urgency, authority and reward. Urgency – “You must act now.” Authority – “This is your bank / your boss / the government / I need a gift card.” Reward – “You’ve won / you’re entitled to a refund.” When these cues appear in moments of stress or distraction, even experienced professionals can react impulsively. In other cases, the intention is simply to pique the interest of the recipient - not necessarily to deceive initially. Cognitive overload in the digital age Modern life floods us with notifications, deadlines and

You can't wait to start shopping this Black Friday, maybe you've even been sent some early deals. How can you stay safe online? Black Friday is an exciting time for businesses, there are so many transactions. In 2021, Black Friday falls on November 26. Last year according to the PwC, 88% of shoppers expected to do their black Friday shopping online and we can expect something similar this year. The surge in transactions saw one card processing firm process over 1,000 transactions per second. Current events remain one of the most important weapons in the arsenal of fraudsters, they exploit current events to make a scam more relevant, more believable and more urgent. Due to the time-limited nature of black Friday deals, the volume of transactions and the ensuing surge in deliveries over the next few days, there’s a strong possibility you or your loved ones could inadvertently become victims of cyber fraud. What can you do to stay safe? We’ll take a closer look at the overall threat land