Academies are being warned to stay on high alert following “numerous reports” of attempted cyber fraud.
Fraudsters are posing as government officials in order to trick people into installing ransomware that encrypts files on victim’s computers, said Action Fraud.
The cyber criminals will contact schools claiming to be from the “Department of Education”, and will ask to be given the personal email and/or phone number of the head teacher or financial administrator.
Typically, the fraudsters will say that they need to send guidance forms to the head teacher, ranging from exam papers to mental health assessments.
Action Fraud said that these scammers will insist on sending the forms to a personal email address, rather than a generic school inbox, under the pretence of “sensitive information”.
Unbeknown to the recipient, the document will contain a dangerous form of ransomware, capable of taking control of an individual’s computer. The fraudster will then demand money from the school – up to £8,000 – for the documents to be returned safely.
Action Fraud has supplied the following information to protect against this type of fraud:
- Although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?
- Please note that the “Department of Education” is not a real government department (the real name is the Department for Education).
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.
- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to aren’t left.