As young people increasingly engage online, scammers are shifting tactics to target university-aged individuals through phishing, smishing, vishing, social media exploitation, loan or tuition fee scams, job offers, and more.
Counter to common belief, younger adults (ages 18–24) are more likely than older groups to fall victim to fraud - often due to impulsive decision-making, high message involvement, and trust in social connections (read more at Investopedia+2Nature+2).
Studies in the UK show that nearly one in three (32 %) young adults reported being a fraud victim in the past year (see this study here).
Fraud losses among 11- to 29-year-olds reached £143.7 million in 2023, based on almost 69,000 Action Fraud reports.
Types of Scams Commonly Targeting University/School-aged Students
1. Phishing and Spear-Phishing (Email & Social Messaging)
Phishing: Generic emails impersonating banks, HMRC, Student Loans Company (SLC), or university finance teams requesting urgent verification or payment.
Spear-Phishing: Highly targeted messages using personal details collected from social posts to trick individuals. Up to 43% of young adults may click on simulated phishing links, compared with 58% of older users in a controlled study.
2. Smishing (SMS/phishing via Text Messages)
Recent SLC warnings highlight the rise in smishing attempts during maintenance payment periods - students receive fake texts claiming to be from the Student Loans Company or HMRC to coerce them into clicking malicious links.
3. Vishing (Voice-Call Scams)
Scammers impersonate officials (tax, visa, university finance officers), pressuring students into sharing sensitive data or paying fees over the phone.
4. Social Media Mining & Impersonation
Fraudsters collect publicly shared personal data (birthday, location, institution) to craft convincing identities or fake messages. Scams may surface as fake competitions or impersonation of peers/influencers on WhatsApp, Instagram, Telegram or WeChat.
5. Tuition Fee, Accommodation & “Job” Scams
Tuition scams: Fake offers to pay or discount fees or arrange visas in exchange for personal information or payment. Universities must make it clear that they never request monetary information via unverified channels.
Accommodation/rental fraud: Students pay deposits on properties that don’t exist. Best practice for students is to always verify accommodation via an in-person view, and of course, question the lack of a legitimate contract.
Fake job offers / money-mule schemes: Offers of easy cash in exchange for moving money - even temporarily - can lead to criminal records. Careers services should make clear that real employers would never ask someone to pay or handle others’ funds.
6. Ticket & Purchase Scams via Social Media
Fake sales of concert tickets, clothing, rooms, electronics - often shared through Instagram or Facebook Marketplace - involve bogus payment, no delivery, or phishing links.
Why Young People Are Vulnerable
Digital engagement ≠ immunity: High usage of social messaging and desire to avoid missing out may lead to impulsive actions without critical evaluation.
Normalisation of small scams: Many young adults treat certain online fraud attempts as ‘normal’ - especially within gaming and social media contexts - icpr.org.uk.
Education gap: Studies find that basic teaching on digital fraud has a limited effect on behavioural response - even those aware of phishing may still fall victim.
What can you do as an Admin?
A. Pre-emptive Awareness & Education
Embed scam awareness into orientation and Ambassador training. Teach clear recognition signals: urgent tone, unfamiliar sender, unsolicited links, requests for money or personal details. Reinforce using official channels only.
Consider targeted campaigns - particularly for international and disadvantaged students - highlighting local examples and lived experiences.
B. Monitoring Platforms like Unibuddy Chat and Community
Instruct Ambassadors to flag suspicious messages received from students: vague or urgent requests, phishing link sharing, payment demands.
Provide template responses for Buddies to add in the Saved Answers tool in their Unibuddy Ambassador app: “We recommend verifying via official university email or phone only.” Forward flagged cases to your IT/policy team immediately.
C. Response Protocol for Reported Incidents
Acknowledge & reassure: Let students know it isn’t their fault. Scammers use sophisticated social engineering.
Verify: Confirm message authenticity through secure internal channels - e.g., finance office, visa support, IT service desk.
Support safe steps:
Advise students and/or Ambassadors not to click unverified links or download attachments.
Suggest changing account credentials if a message came to their institutional email.
Encourage contact with banks or NCA (in an instance of a Money Mule case or fraud) if appropriate.
Report phishing or scam:
Via official university IT security, Action Fraud, Safe-Web, or sector-specific platforms.
Monitor recurrence trends: Log incidents by category (phishing, fee scam, smishing, etc.) to inform training and policy updates.
Recommended Resources for Institutions
UK Government Stop! Think, Fraud Campaign – interactive guidance for fraud prevention.
Action Fraud – reporting and trends portal.
University-specific guides (e.g., University of Edinburgh, Bath Spa, Birmingham) describing scam types and campus protocols.
Sample Messaging Template for Ambassadors & Admins
Feel free to use this template to respond to students that report cases of scams to you as an Admin - or equip your Ambassadors with this template, so they are empowered to support students as well.
Make it clear to your Ambassadors that even if they opt to reply to a student reporting a scam, you also expect them to flag and report any concerning incidents to you.
“Hello [Student Name], thank you for flagging this message. We want to reassure you - it’s not your fault. Please don’t click any links or share personal or payment details. We’ll verify whether this request is legitimate via our official Finance or IT team. We recommend you only make payments or share information via university portals or official phone numbers. If you've shared sensitive data, we can guide you on next steps. Stay safe and let us support you - just reply here or email [support contact].”
In summary, young people are frequently targeted through evolving digital channels - phishing, smishing, impersonation, and more. University students in particular face heightened risk due to timing, financial transitions, and high social media engagement.
Universities can play a vital role in building resilience: by promoting awareness, empowering Ambassadors as first responders, using secure verification paths, and supporting students who have reported incidents.
With consistent support and monitoring, communities can reduce harm and foster safer digital environments for all students.