The banking sector is seeing a spike in frauds against the education sector

FREE fraud awareness training

The banking sector is seeing a spike in frauds against the education sector - with some clients losing funds.  In response, Lloyds Bank have been in touch, offering schools and education settings access to their free training.

 

The training provides a chance to work through scenarios based on real life fraud cases - and has guidance on keeping your organisation safe.

 

Here are details of three fraud attacks on schools and education settings this week alone.

 

Case 1 = a 20 school MAT

The School Business Manager received an e-mail from a member of staff asking them to change their bank details on the payroll system. 

 

They acted on the e-mail alone, but it turned out that the e-mail account had been hacked and the bank details provided were the fraudsters.

 

Case 2 = a 20 school MAT

The finance administrator at a school had her e-mail account hacked. 

 

She received an e-mail (with what now looks like a fake address) asking her to change the bank details for a known supplier. 

 

The e-mail said that the person would be in meetings so would be difficult to get hold of for verbal verification. 

 

The school emailed back to thank them for the information and to advise that they would have to phone them to verify the details.

 

Before the school could make the independent verification call to a number from the supplier’s website, the fraudster then called the school to complete the verbal verification.

 

The school accepted this verification, and a payment was made that day.

 

Case 3 = a 19 school MAT.

Another example of invoice fraud where supplier bank account details were amended without full procedures being followed.

 

---

 

All cases involved phishing and schools released information or clicked on malicious links which have uploaded malware for fraudsters to monitor school finance tasks.

 

Email compromise is by far the most common scam and Lloyds are seeing quite a few cases where schools are paying a salary payment for a member of their staff, to a new bank account number advised by email.

 

All schools, academies, colleges, and universities need to be aware that:

• Email alone, should not be relied upon for communicating details of payments and receiving bank account numbers. This applies to all payments, including salary payments to staff and payments to suppliers.
   
• Any new bank account number should be independently verified (not by replying to or using details in the email)
   
• Phone the genuine payment beneficiary or staff member using a phone number known to be correct, not one from the email.

 

Lloyds have launched a free Interactive Fraud Training Course for all organisations and their staff.

 

It includes a series of short interactive modules which cover important topics including online scams, ransomware, email fraud, phone, and text fraud.

 

It takes about 30 minutes to complete all modules, and you can revisit the training as often as you like if you want to complete it in stages, or if you want to revisit a module again.

 

It’s a great way to help raise awareness of fraud scams across an organisation so consider making it part of the training for all staff.

 

You can access the training here.