Diversion fraud – police issue warning to schools

News Article

A police warning has been issued to both private and state schools after a recent spate of fraudulent activity involving scam emails that are targeting payments from parents.

In a number of cases, fraudsters have placed themselves in the middle of transactions between parents and schools.

The latest scam involves the fraudster contacting parents, outlining details and payment instructions for the latest school fees.  Initial contact appears to primarily be made via email and often from the school’s own compromised email system.  However the City of London Police’s National Fraud Intelligence Bureau (NFIB) has also seen instances where the email address used is similar to that of the school (e.g. ‘nn’ instead of an ‘m’).

The victim is tricked into making the required payment into the bank account which is in the control of the fraudster.  By the time the fraud has been identified, the funds have already been moved.

In several instances the email has encouraged victims to act quickly, with the fraudster suggesting a discount on the fees can be obtained if the parents pay early.

Although the latest scam involved private schools, state schools could also be targeted with fake requests for contributions to school funds or student trips.

A number of police forces have issued the following advice to schools:

  • Ensure all administration staff are aware of this fraud
  • Ensure staff are aware of protocols regarding not opening links or attachments from unexpected or suspicious emails in the event the email system may be compromised
  • Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols
  • Review internal procedures regarding how the fee payments are requested and ensure these are relayed to the parents so they can easily identify suspicious requests
  • Ensure computer systems are secure and that antivirus software is up to date.
  • To help combat “typo squatting” the school could consider registering similar domain names
  • Ensure required security updates to computer systems are completed
  • Ensure parents are aware of the scam and encourage them to be wary of unsolicited emails purporting to come from the school

Carey Jacobs, a partner in Palmers, said: “This latest spate of fraudulent activity demonstrates that the prevention of cybercrime is an increasingly worrying challenge for schools.

“Palmers has been at the forefront of raising local awareness about the risks of cybercrime and its potentially devastating impact. We have hosted a series of successful joint seminars on this important issue, which we are planning to run again later in the year.

“We also have a network of contacts who are committed to helping local businesses stay safe and reduce their risk of becoming a victim of commercial cybercrime.”

For more information on issues relating to cybercrime and Palmers’ cyber-crime prevention events, please contact us.