Academies and other educational institutions are being warned about new cyber-attacks which have already claimed some victims and resulted in financial losses.
The latest Education and Skills Funding Agency update, published today, contains information about a “phishing” scam – where a fraudster disguises themselves as a trustworthy source in an electronic communication to trick people into giving them their personal details.
In this instance, the perpetrators are using the title of a genuine email which the user has replied to recently, in order to trick the user into believing the fake email is in fact authentic.
This email contains a link that takes the user to a website which requests user credentials, which the perpetrator uses to send “harmful” emails from the user’s account.
On a mobile device, the harmful email sometimes appears with a coloured button saying ‘Display Message’, according to the ESFA.
The fraudster then requests that the user change the bank account they use for the Department for Education, the ESFA, or another payment provider.
They often use multiple official email addresses to make their messages look legitimate.
If undiscovered, a payment may be made to the fraudulent account, the account could be emptied, and a new victim could be targeted.
The agency has said some victims of the attacks have suffered “financial losses” as a result.
It advises users to ensure they have firewalls, strong passwords and anti-virus software in place, to be alert to emails containing seemingly legitimate links, and to check that whoever sent the email is genuine before sending them passwords, data, or payment.
Users have been asked to email firstname.lastname@example.org if they become aware of any phishing attempts.
The government warned of a “significant increase” in cyber crime against academy trusts earlier this year.
Data from the Information Commissioner’s Office shows that the number of cyber-attacks on schools has risen by 69 per cent in a year. Between July and September 2017, there were 26 such reports. In the same period this year, there were 44.
At the same time, the ESFA received 39 notifications of fraud and theft last year, and dealt with 31 cases of fraud or financial irregularity allegations.
If you have been targeted by the above scam, send the ‘phishing’ emails you have received to email@example.com