The Complutense University warns of a cyberattack with fraudulent emails demanding 1,500 euros from its students

‍

The Complutense University of Madrid (UCM) has been the victim of a sophisticated phishing attack that last Sunday, October 26, tried to defraud hundreds of students by impersonating the institution itself. Cybercriminals sent mass emails demanding urgent payments of up to 1,500 euros for alleged delays in tuition fees.

​

The fraudulent message that alarmed the university community

The malicious email, written in a formal tone that mimicked the institutional style, began like this: “Hello. Despite our previous reminder, we still observed a delay in the payment of tuition fees in the amount of 1,500 euros. In addition, if your debt is not settled before 26/10/2025, we will need to send your file to our litigation department.”

The message urged students to make an immediate bank transfer and send the voucher to the address cuenta@ucm-es.live, a fraudulent domain that simulated the official university domain with a small change: from “ucm.es” to “ucm-es.live”. This tactic, known as Typosquatting, is common in phishing campaigns to generate confusion.

​

Quick response from the Complutense

Just minutes after the mass mailing of the fraudulent emails, at 1:19pm on Sunday, the Office of the Vice-Rector for Technology and Sustainability issued an urgent statement alerting the entire university community to the “wave of malicious messages” that imitated the school's official style.

The Vice Chancellor Jorge Jesús Gómez Sanz detailed the reasons why the email was false: “an urgent payment is requested so as not to let us think or contrast, an account that does not belong to the university is used and amounts are mentioned that do not match our official rates”. In addition, he confirmed that some emails redirected to bank accounts of French origin.

​

Scope of the attack: current and former students affected

The worrying thing about the incident is that not only the currently enrolled students received the email, but also former students who had already finished their studies or who had no current relationship with the UCM. This detail suggests a possible internal database leak that is being investigated.

Several students confirmed that the fraudulent email disappeared from their inboxes shortly after the official announcement, since the university has the capacity to delete messages within its own email system.

​

Background: The UCM is no stranger to cyberattacks

This is not the first security incident suffered by the Complutense. In May 2024, the university had already suffered a cyberattack that compromised the business practices management system, exposing personal data such as names, addresses, ID, emails and qualifications of thousands of students.

After that episode, the UCM announced a plan to reinforce cybersecurity, but the current attack shows that threats continue to evolve and that training and awareness are essential to prevent fraud.

​

Tips to protect yourself from university phishing attacks

The university has reminded its community that never request payments by email nor through direct bank transfers, since all official procedures are carried out on secure platforms. Some key recommendations:

• Always check the sender's address and be wary of slightly modified domains
• Don't click on suspicious links or download attachments
• Do not provide personal or bank details by mail or phone
• Consult directly with the administrative services if you have any questions
• Mark as spam and remove fraudulent emails immediately

‍

Is your institution ready to detect and prevent targeted phishing attacks?

‍At Apolo Cybersecurity, we form teams, audit infrastructures and design response protocols to protect educational and business organizations against advanced digital fraud.

‍