There is a new attempt to defraud schools and colleges going around. The perpetrators are initially calling education establishments claiming to be from the Department of Education (remember the proper name is the Department for Education). They then ask to be given the personal email and/or phone number of the head teacher/financial administrator. The fraudsters then claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments). The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.
The emails will include an attachment – a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8000) to recover the files.
Schools should also be aware that they may also pose as Telecoms providers and in this in this case they need to speak to the head teacher about ‘internet systems’.
A few useful things to remember
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.
- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to aren’t left connected to your computer as any malware infection could spread to that too.