A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years.
The scam works by presenting a threat to students’ immigration status and uses various techniques to extract sizable payments from the victims. In the worst cases, it also embroils them in money mule scams and that’s a bad result for the students.
Many of these attacks target specific regions in the UK with a high density of overseas students, and because all manner of immigration-related statistics are published regularly in the UK, it’s an open-source goldmine for people wishing to create a list of targets.
A broad surface area of attack
The UK is hugely popular with international T4 visa students from China, with applications up some 30 percent since 2018. Data available from the Higher Education Statistics puts this trend into sharp perspective. As they mention:
- Since 2012/13 the number of entrants from China each year has exceeded the number from all EU countries combined.
- In the 2017/18 academic year alone, the biggest international cohort was from China, with 106,530 first year students. India was a distant second with just 19,750. What’s particularly interesting is you can break this data down further and see which universities have the most students from specific regions.
- Some of those universities, as well as others with a strong Chinese student community, have had to give out repeated warnings to students about these attacks.
Why are scammers targeting Chinese students?
Being a student in the UK on a T4 student visa is expensive, so every penny counts. As one student notes in the article linked above regarding application increases, there is a persistent incorrect stereotype that Chinese students in the UK all come from wealthy families. As many of these attacks result in large payouts for scammers, they’ll simply keep doing what they see is working whether the target is actually wealthy or just surrounded by multiple student loans. After all, they only need to strike it lucky once.
So, now that we’ve looked at why these particular students are hot targets, let’s take a walk through a timeline of attacks stretching back to 2007.
Back in the day
In 2007, student Jaiyue Wang was tricked into handing over £6,000 to scammers based in Nigeria who’d convinced her of half a million pounds in lottery winnings. When the prize didn’t turn up, it hit her hard and she eventually committed suicide at her residence in Nottingham. An absolutely tragic end to a commonplace scam, and notable for potentially being one of the first well-known confirmed UK deaths off the back of one of these groups (here’s another awful one from 2004).
These two attacks probably weren’t targeting students specifically; they just landed in people’s mailboxes, like so many scams did way back when. However, targeting specific groups of people (students, workers, people from a certain region, and so on) would soon become commonplace.
Wind forward a decade, and students are treated as an amazing opportunity for bad people to exploit and ruin while making a tidy profit in the bargain.
2018 and 2019 have been fertile years for money mules. A typical scam usually plays out like this, with students caught passing stolen sums of cash between various bank accounts. Elsewhere, the scale of the crimes committed are quite significant. Criminal gangs don’t just exploit one or two students; they’ll make use of as many as they can, resulting in hundreds of bank accounts being frozen by the National Crime Agency and students galore brought in for questioning.
Because these scams often rely on unwitting students, many are found to have already returned to China long after the fraud is discovered, which makes investigating even more difficult. And US$4.6 million in money mule shenanigans is not pocket change. Here’s a similar scam from August of this year, which involved another Chinese student, a “business opportunity”, and a US$19 million money laundering operation targeting multiple students.
The visa scam makes its move
— ACEI (@aceiglobal) July 12, 2019
The earliest reference I found to this visa threat targeting Chinese students is from 2015, though there are quite likely others prior to that. The UK Council for International Student Affairs warn of the following:
- Criminals pretending to be in education, UKCISA itself, or the Home Office
- Fictitious claims of immigration problems related to their visa, resulting in a claim
- Potential mention of some personal information to make the scam seem more genuine
- Payment demanded via Western Union to avoid problems or deportation
- The attack tactics may vary, but most of the common elements repeat themselves with minor variations.
By 2018, the scam has widened to target Indian students, too. The scammers switch things up a little and instead of vague claims of problems with immigration status, they now mention dubious packages addressed to the student. The only way out, of course, is to send a sizable chunk of money to fake police officers, who are cloning numbers to make it appear as though they’re really the Shanghai police department.
Renewing a visa scam
In 2019, the fake visa threat scam adds an unexpected development into the mix. A first year student had their laptop stolen at Heathrow Airport, and then shortly after the phone calls began.
The scammers claimed to be the Chinese embassy, insisting the student had been referred by Chinese police officials claiming they were involved in a money laundering scam. At that point, they were passed onto the “police” themselves. So far, so typical. The only real odd thing up to this point is the stolen laptop. If you’re wondering how it fits into things, wonder no more.
Bogus websites and data uploads
A website purporting to belong to the prosecutor general’s office contained uploads of the student’s personal details, including her national ID card and photograph. All this information plus banking details had been left unsecured on the stolen device, and now the criminals were determined to make full use of it.
By the time they’d forced the student to upload a recorded statement to the social media site QQ and threatened her with deportation and imprisonment via web streams of men dressed up as police, they were likely too panicked to realise where they’d obtained all this information from in the first place.
A dent in your personal finances
£30,000 was sent to the fake police/embassy officials, and the money was gone forever. Organisations have warned of similar attacks taking place on Chinese students, but the airport connection is particularly disturbing. It’s possible students are being targeted on arrival, with the stolen details sent to mainland China where the groups set up the fake websites then set about contacting potential victims.
It could, of course, be an entirely random theft, though it stretches probability somewhat to think the laptop stealer randomly decided to hand over personal information—quite randomly—to random scammers in China, who then very randomly indeed start dressing up as policemen.
In my humble opinion, this seems…unlikely.
This attack is particularly insidious, as there are a huge amount of changes to take in for a new arrival to the UK, and new students would just put a laptop theft down to bad luck. They almost certainly wouldn’t know about the targeting taking place or have had a chance to see one of many warning pages on university websites.
They’ll just receive a strange, terrifying phone call one day and then see themselves plastered all over fake embassy websites. At that point, they’re almost certainly doomed to send fraudsters large sums of money. Even without the bogus threat of jail time on return to China, penalties for visa holders in the UK can severely impact future career prospects.
Portable device security tips
We’ve published a lot of advice on the Labs blog over the years regarding physical device security, and quite a bit of it is applicable here for students who are always out and about with devices galore. While none of these will neatly fit into your own personal threat model, you’ll hopefully be able to pick and choose the tips most relevant to your needs.
Do you have an iPhone you need to lock down? Passwords, screen notifications, and event loss procedures are all covered here.
Do you want some methods for securing sensitive data? Look no further, especially if you need some advice for secure messaging apps, locking down data, and whether to store it in the cloud.
Would you like some general travel tips? We’ve got you covered.
If you really want to make sure nobody has tampered with your device while away from your dorm, there’s an awful lot of options to choose from. Be warned, not all of these are probably warranty friendly.
Finally, don’t forget the old classic of putting your leg through a laptop bag strap when sitting at a busy location to prevent chance snatch and grab attacks.
Keep visa scam thieves at bay
These are terrible attacks aimed at people who spend a small fortune to be able to go to the UK and study, often with significant student debt—even if some do come from rich families. Universities aren’t often best equipped to know about sophisticated scams, much less warn students about them. Indeed, it’s to their credit that so many do.
Even so, criminals don’t just target students in the UK. They also go after students from mainland China studying in Hong Kong, with one unfortunate victim handing over just shy of half a million dollars to scammers.
This is one attack where not only education is key, but a little bit of preventative action, too. The Home Office via UKVI will never cold call you demanding money for vague-sounding immigration problems, nor will they tell you about suspicious packages addressed in your name. Neither will law enforcement agencies jump into a quick VoiP chat asking for cash. Should you run into anything like this, don’t send them a thing and report what happened to your university immediately.
Students have enough to worry about without this adding to their woes, so let’s see if we can help steer them safely in the direction of “not today, thanks” and keep their money exactly where it should be.
Christopher Boyd is the Lead Malware Intelligence Analyst and Former Director of Research at FaceTime Security Labs.