Fraudsters are placing themselves in the middle of transactions between parents and private schools in an attempt to con them out of money, it has been suggested.
In this scam, a fraudster contacts parents outlining details & payment instructions for the latest school fees. Initial contact appears to primarily be made via email and often from the school’s own compromised email system.
However, the National Fraud Intelligence Bureau (NFIB) has also seen instances where the email address used is similar to that of the school (i.e. nn instead of an m).
The victim then makes the required payment into the bank account which is in the control of the fraudster. By the time the fraud has been identified, the funds have already been dissipated.
In several instances, there has been a strong social engineering element at play within the email, with the fraudster suggesting a discount on the fees can be obtained if parents pay early.
Tips For Parents
- Always verify email payment changes in respect of payment fees with the school directly using established contact details you have on file, especially for ones which are not expected or for a different amount than expected.
- Always review requests to changes for payment requests. Check for inconsistencies or grammatical errors, such as a misspelt school name or a slightly different email address.
- Don’t be afraid to verify details when being asked to make fee payments into a new bank account.
Tips For Schools
- Ensure all administration staff are aware of this fraud.
- Ensure staff are aware of protocols regarding not opening links or attachments from unexpected or suspicious emails in the event the email system may get compromised.
- Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.
- Review internal procedures regarding how the fee payments are requested and ensure these are relayed to the parents so they can easily identify suspicious requests.
- Ensure computer systems are secure and that antivirus software is up to date.
- To help combat “typo squatting” the school could consider registering similar domain names.
- Ensure required security updates to computer systems are completed.
- Consider using a payment gateway for any monies required to be received from parents.
If you do fall victim to an online shopping scam, report what happened to Action Fraud online or via 0300 123 2040.
If you have fallen victim to a local trader, contact Warwickshire Trading Standards, via Citizens Advice Consumer Service on 03454 040 506.
You can also receive support from Warwickshire Victim Support, on 01926 682 693, following any cyber crime.