Fraud warning for independent schools

Published on 30 January 2018

Share this article

Unfortunately, my articles appear to be developing into a bit of a theme for the education sector and that theme is fraud. But this provides further evidence that schools are being targeted as they become more and more desperate for money to help towards tight budgets. Fraudsters will not be concerned over who they target, so long as they achieve their goal.

Recently the Charity Commission released details of a new fraud – “Payment Diversion Fraud” – which is targeting independent schools and parents.

How does it work?

Fraudsters are placing themselves in the middle of transactions between parents and schools by building trust with victims through contact by phone, email or other direct messaging. The fraudster will contact parents outlining details and payment instructions for the latest school fees (which will be obtainable from school websites). They even offer a discount for early fee payments.

The initial contact appears to be via email and often from the school’s own compromised email system. The National Fraud Investigation Bureau (NFIB) has also seen instances where the email address used is very similar to that of the school. For example the fraudster will use “nn” instead of an “m”.

The victim then makes the payment to a bank account which is under the fraudster’s control and by the time it has been noticed, the funds have gone.

What steps can parents take to prevent this?

Parents should always check the email address from the school and ensure it has been correctly spelt. If you receive a notification for a payment change, contact the school directly to ensure the details are correct. Also, be alert to unusual payment requests that perhaps aren’t consistent with the usual timing of the school’s payment requests or the level of discount is different to normal.

Carefully read the emails you receive. Usually, they will contain spelling or grammatical errors. These are clear warning signs.

What steps can schools take?

Schools should ensure all administration staff are aware of this fraud. Also ensure staff do not open any links or attachments from unexpected or suspicious emails – this may compromise the school’s email system.

Passwords should be strong and changed regularly. Ensure they are long and contain a combination of letters, symbols and numbers.

Ensure your school’s antivirus software is up to date. Do not download or use any “free” software as these aren’t as robust as others.

To combat “typosquatting”, consider registering similar domain names of the school’s website. This can help prevent fraudsters using similar email addresses.

Parents should also be made aware of this fraud so that they are vigilant.

Finally, consider using a “payment gateway” for the receipt of funds from parents.

What should both parties do?

If you or the school have fallen victim to payment diversion fraud or have seen an attempt, you should report it to Action Fraud.

In addition, if you are a registered charity, you should report this to the Charity Commission as a serious incident using the dedicated reporting facility: rsi@charitycommission.gsi.gov.uk

The Kreston UK Academies Benchmark Report 2018 will be released in the coming weeks. If you would like to ensure you receive an electronic copy of this hugely popular report then please complete the form, here.

Share this article

Close Expand

Subscribe to our newsletters

Our complimentary newsletters and event invitations are designed to provide you with regular updates, insight and guidance.

  • Business, finance and tax issuesPersonal finance, tax and wealth management issuesInternational business issuesCharity and not-for-profit issues
  • Academies and educationAgricultureFinancial servicesLife sciencesManufacturingProfessional practicesProperty and constructionTechnology
  • yes I agree I have read and accept the privacy policy and am happy for Kreston Reeves email commmunications I have selected above

You can unsubscribe from our email communications at any time by emailing datateam@krestonreeves.com or by clicking the 'unsubscribe' link found on all our email newsletters and event invitations.