Fraudsters are calling schools, claiming to be ‘from the Department of Education’. They then ask to be given the personal email address or phone number of the head teacher, or the school finance manager.
The fraudsters claim that they need to send guidance forms to the head teacher (examples to date have varied from exam guidance, to mental health assessments); they will claim that they need to send these documents directly to the head teacher or finance manager and not to a generic school inbox, as the email or documents contain sensitive information.
The emails they then send include an attachment: a ‘.zip’ file, potentially masked as an Excel or Word document. This attachment will contain ‘ransomware’ that, once opened or downloaded, will encrypt files. At this point, the fraudsters will demand money – up to £8,000 in some cases – to recover the files.
Similar ‘ransomware’ attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers: in this case they have claimed that they need to email the head teacher about the school’s ‘internet systems’.
Schools should take the following actions:
- Although the fraudsters may know the name of the head teacher and use this to convince the school they are a real employee of a government department or telecom provider, be mindful of where this may have been obtained from; usually these names are listed on the school or Council’s public-facing website.
- Fraudsters have been saying they are from the “Department of Education” rather than the “Department for Education”.
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.
- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
- Create regular backups of your important files to an external hard drive, or online storage provider. It’s important that the device you back up to isn’t left connected to your computer, as any malware infection could spread to that too.
- Do not pay extortion demands, as this only plays into criminals' hands, and there's no guarantee that access to your files will be restored if you do pay.
- If you think your bank details have been compromised, you should immediately contact your bank.
- If your school has been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting the Action Fraud website.
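
For IT staff, the header and attachment checks advised above can be run over a saved message before anyone opens it. The following is an added example, not part of the original alert; it assumes the message is available as raw bytes (a saved .eml file) and that the school's receiving mail server stamps an Authentication-Results header. All addresses, domains and file names in it are constructed.

```python
import email.policy, io, zipfile
from email.message import EmailMessage
from email.utils import parseaddr

OOXML = (".docx", ".xlsx")  # genuine modern Office files are zip containers
LEGACY = (".doc", ".xls")   # legacy Office files are not zip archives

def triage(raw: bytes) -> list:
    """Return findings for one raw message (headers plus attachments)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rpartition("@")[2].lower()
    rp_dom = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    findings += [f"{m} failed" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    if "department of education" in display.lower():
        findings.append("display name says 'Department of Education', not 'for'")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        if name.endswith(LEGACY) or (name.endswith(OOXML) and "[Content_Types].xml" not in members):
            findings.append(f"{name}: zip archive presented as an Office document")
        elif name.endswith(".zip"):
            findings.append(f"{name}: zip attachment containing {members}")
    return findings

def constructed_sample(filename="exam_guidance.xls", members=("placeholder.txt",)) -> bytes:
    """Constructed test message; addresses, domains and file names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for m in members:
            z.writestr(m, "inert placeholder")
    msg = EmailMessage()
    msg["From"] = "Department of Education <guidance@example.org>"
    msg["Return-Path"] = "<bounce@example.net>"
    msg["Authentication-Results"] = "mx.example.sch.uk; spf=fail smtp.mailfrom=example.net"
    msg.set_content("Please see the attached guidance.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(constructed_sample())))
```

Only trust an Authentication-Results header added by your own receiving mail server, since a sender can insert a forged one. A real .docx or .xlsx file is itself a zip container, which is why the check looks for the `[Content_Types].xml` entry instead of flagging every zip-format attachment.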