Cybercriminals are always seeking new targets. Organisations that receive large payments and have poorly secured IT systems are a treasure trove for hackers. Their latest campaign attacks private schools, with the aim of tricking parents into paying thousands of pounds of school fees to fraudsters’ accounts.
Unfortunately, many private schools lack adequate digital security. Cybercriminals are using phishing attacks to compromise school email systems and obtain parents’ data and contact details. A common tactic involves emailing parents to explain that the school’s payment details have changed, and issuing a new invoice with the fraudsters’ own bank details. Parents who reply to the email for confirmation risk emailing the hackers instead.
It has been reported that one parent with three children at an independent school paid £70,000 to hackers after being offered a 10 per cent “early bird” discount.
“These emails can seem very real,” says Colin Tankard, Digital Pathway’s Managing Director. “And, whilst the private school sector seems to be the latest target of these fraudsters, they are certainly not the first, nor will they be the last.
“Always hover your cursor over the URL and check that the address is correct. Sometimes it may differ by one digit or letter, so vigilance is key”, he adds.
Schools and parents who find themselves the victims of these attacks are unlikely to recover their money. Payment by bank transfer is not protected, and few schools have taken out cyber insurance. For the few that have, only 38 per cent of policies cover this type of crime.
Staff need to receive ongoing training to help them identify phishing scams that enable hackers to gain access to their systems.
In addition, schools need to act quickly to ensure they are protecting the personal data they store and process. On 25th May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Act. Failure to protect their systems from unauthorised access could see independent schools hit with colossal fines.
Compliance requires preparation, including auditing what information is held, and where, assessing threats, training staff, and updating policies and systems.
In light of the current email scam, independent schools should use a GDPR-compliant secure email service. With end-to-end encryption, messages are protected from unauthorised access and emails are rendered trusted and binding. Hackers are unable to decrypt the information being passed between the organisation and individuals. This restores confidence in email communications, as both parties know that messages have come from a trusted source and are being sent to the intended recipient.
Our secure email service turns regular email into secure electronic communication. It is convenient, integrating with existing email solutions, and makes regular email compliant with GDPR.
With schools holding large amounts of sensitive and personal data, independent school fees attracting cybercriminals, and the imminent arrival of GDPR, it is essential that schools invest in their digital security to protect themselves, their students and parents.
For advice and support with protecting your organisation from cyber security threats, contact us on 0844 586 0040 or email firstname.lastname@example.org.