The National Fraud Intelligence Bureau (NFIB) has seen an increase in recent weeks in the volume of what is referred to as CEO Fraud reports whereby schools are the targeted victim. This has resulted in substantial financial losses for several schools that have fallen victim to this type of fraud.
The modus operandi is for a fraudster, who purports to be the Head Teacher/Principal, to contact a member of staff with responsibility for authorising financial transfers, and requests a one off, often urgent, bank transfer to be made. The amounts requested have been between £8,000 and £10,000.
Contact is made by email and from a spoofed email address which appears to be from the Head Teacher/Principal.
Once the transfer has been made the funds quickly disappear from the bank account into which the funds have been deposited.
- Schools need to ensure that they have robust processes in place to verify and corroborate all requests to make a payment or to change any supplier payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.
- All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior management.
- Sensitive information that is posted publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against schools. The more information they have about the school, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.
Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don’t click on the links or open the attachments, and go back to the person allegedly sending the email, to check the validity of the instruction, using a known telephone number or email address. Hovering over the email address from the fraudster will usually identify the true email address of the fraudster.
If you require any further information please contact Janet Bruce (01452 328889 or email email@example.com) or Carolyne Wignall (01452 328887 or email firstname.lastname@example.org)