The Journal for Executive and Governance Leaders

Fraud in the Education Sector

Throughout 2018, the threat to schools from fraudsters has compounded – not only are schools’ finance teams being targeted through malicious emails or vishing (telephone) scams but their pupils also face an increasing threat. They too are vulnerable to scams, but equally worryingly fraudsters also look to vulnerable young people to launder their criminal funds, enlisting pupils to unwittingly transfer proceeds of crime through the banking system.

With the threat of fraud continuing to grow, schools, not only need to look to protect themselves from scams, but also recognise that their pupils are also vulnerable to approaches from fraudsters. It is therefore now vital that schools look to embed fraud awareness across the whole of their organisation.

Within the Finance Team
Schools should look to ensure that their finance team is familiar with the following key scams operated by fraudsters:

  • CEO Fraud – Within a school, this type of fraud would see fraudulent emails which are made to look like they’ve been sent by a senior member of staff, asking for a payment to be made.
  • Invoice Fraud – A fake request, often received by email or letter to change bank account numbers of beneficiaries paid by a school.
  • Vishing (Telephone Scams) – Fraudsters purporting to be from a trusted organisation such as a bank or internet service provider, phone a school and attempt to trick staff into either:
    • Divulging online banking passwords
    • Making a payment to what they don’t realise is a fraudulent account or
    • Downloading software which allows the fraudster to take remote control of a school’s computer and or passwords.

It is critical that the Finance team know how to detect and prevent these types of fraud, by following these key tips:

  1. Don’t rely on the email address appearing to be legitimate or the wording to be familiar when it comes to making payments or changing a beneficiary’s bank account details. Email accounts can be hacked and crucial details such as account numbers and sort codes changed.
  2. All requests received from a supplier or another beneficiary asking to change the account number for any payments, should be checked using an alternative communication method, such as phoning a named contact using a number known to be correct.
  3. Authenticate phone calls from banks and other organisations by calling them back on an independently sourced number e.g. bank website.
  4. Never rely on the number appearing on your caller display as confirmation of the source of the call. These numbers are now being spoofed with easy to obtain software.
  5. Ensure all colleagues are aware that banks will never ask for online passwords, PIN’s or card and reader codes.

Information on these and other fraud scams can also be found by visiting www.lloydsbank.com/fraud

Within the Curriculum
As students are now more tech savvy than they ever have been, they too are vulnerable to the approaches of fraudsters, this may be as the target of a scam or to act as a ‘money mule’ – where students are paid a small fee for transferring criminal funds through their account.

With the threat of fraud continuing to grow, schools, not only need to look to protect themselves from scams, but also recognise that their pupils are also vulnerable to approaches from fraudsters.

Ian Buss
This is often under the guise of either a fake job advert on social media, or to help out a ‘friend’ who needs funds transferred to them.

It is therefore vital that schools now include Fraud Education within their curriculum. CIFAS (UK fraud prevention service) together with PSHE Association, the national body for Personal, Social, Health and Economic education have recently published a number of Anti-Fraud lesson plans targeted at 11-16 year olds and cover Key Stage 3 and 4.

The lessons aim to help students:

  • Recognise what fraud is, why they may be targeted and how to seek support;
  • Explain the consequences of committing fraud;
  • Develop skills to protect their online information and personal data; and
  • Develop skills to critically evaluate the reliability of online content in relation to scams

The lesson plans can be found here.