Parents warned on school fees hacking scams
Private school fee payments have become a target because they are large (generally £4,000-£10,000 per term), and security within schools is generally poor.
Neil Hare-Brown, the CEO of Cyber|Decider said: “In 2017 we saw schools generally become a big target for cybercriminals. Their security is often poor, and their fees administration is largely undertaken out of their electronic mailbox which is often hosted online, making it easy to hijack.”
Scammers will typically send parents an email giving them payment details for school fees, saying these have changed. At the same time, hackers will have gained access to the school’s email, usually through an undiscovered phishing attack and the payments will be channelled through the hacker’s account. They also set up automatic rules so responses from parents requesting confirmation of authenticity get diverted to the hackers, so the school does not see them.
Other details gleaned from these phishing attacks, such as personal details of staff, children and parents, are sold to other cybercriminals using sites on the “dark web” for identity frauds.
Cyber|Decider said parents need to be wary of payment requests from schools or anyone by email, particularly those changing the previous arrangements. It recommends telephoning the school on its usual number, rather than emailing them, and double-checking verbally with the school before making the payment.
Hare-Brown added: “Parents with whom schools communicate generally use webmail, and often from insecure systems. Families and schools are sharing lots of information about payments for fees, trips and everything else, so these mailboxes hold lots of important personal data such as bank and credit card details, passport images, medical and family information. Many schools have moved their email systems online and use payment gateways, but often they use systems that are insecure.
“Also, school staff and parents are easily deceived, and scams operated over the holiday period when schools are closed, mean the alert won’t be raised quickly. This gives the criminals time to transfer funds with little chance of them returned.”
Related: See YourMoney.com’s How to pay for private school fees for more information.