Fraudsters are using increasingly sophisticated techniques to cloak emails and disguise themselves as head teachers or principals by using spoofed (identical) email addresses or email addresses which are so similar that they look the same at a glance. They target staff members with responsibility for authorising financial transfers and trick them into making allegedly “urgent” transfers. Schools have reported losses worth between £8,000 – £10,000.
A variation on this kind of fraud involves an email from a “supplier” informing you of a last minute change to their bank account details shortly before you are due to make a payment.
You can take simple and effective steps to minimise the risk of falling victim to this kind of fraud:
- Encourage your staff to routinely verify and challenge requests for payment and warn them that urgent sounding requests from senior employees are suspicious and should be treated with caution. Always speak to the person who has made a request for a transfer to confirm the request is genuine, even if the message states it is urgent and that the sender cannot be reached.
- Beware clicking on links or opening attachments, even if the sender is apparently known to you. Always stop to consider who the email is from, whether it is unusual and why it has been sent to you.
- Minimise unauthorised access to sensitive information about you, your school or college by shredding confidential documents and ensuring that your IT systems (email and website) are not vulnerable to hacking. Always install the latest updates and consider having your systems tested by a specialist IT provider.
If you would like more information about how to protect your charity from fraud or to discuss a specific matter, please email us at [email protected] or call 020 7551 7777 and ask to speak to Rob Oakley or Mindy Jhittay.
All content on this page is correct as of February 21, 2018.