Independent schools and parents are being targeted by a sophisticated diversion fraud, the Charity Commission warns.
The fraud appears to begin with fraudsters compromising the school’s email and computer systems and then sending a series of innocuous emails to parents, purporting to be from the school establishing contact. The Charity Commission reports that the fraudsters build up trust with the parents through contact by phone and email.
The fraudsters then send an invoice to the parents requesting payment of school fees; however, the payment details are not the school’s bank account. The fraudsters, in effect, place themselves between the school and the parents in order to steal money.
The Charity Commission has issued some helpful guidance on preventing this fraud for parents and schools, which can be accessed on the link below:
In the meantime, the key points from the alert are as follows:
Prevention advice for schools
- Ensure all administration staff are aware of this fraud.
- Ensure staff are aware of cyber-protection protocols and understand NOT to open links or attachments from unexpected or suspicious emails. Doing so may compromise the school’s email system.
- Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.
- Review internal policies and procedures for managing fee payments and ensure these are communicated clearly to parents.
- Consider using a ‘payment gateway’ for the receipt of funds from parents.
- Ensure computer systems are secure and that antivirus software is up to date.
- To help combat ‘typo squatting’, consider registering similar domain names.