‘Department of Education’ phishing scam alert

‘Department of Education’ Phishing Scam

CREDIT: This story was first seen in About My Area

Fraudsters are initially calling education establishments claiming to be from the ‘Department of Education’ rather than the Department for Education, About My Area reports.

They then ask to be given the personal email and/or phone number of the headteacher/financial administrator. The fraudsters claim that they need to send guidance forms to the headteacher; these so far have varied from exam guidance to mental health assessments.

The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.

The emails will include an attachment – a .zip file – potentially masked as an Excel or Word document. This attachment will contain ransomware, that once downloaded will encrypt files and demand money to recover the files.

It should be noted that similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers – in these cases they need to speak to the headteacher about ‘internet systems’.

Prevention Advice

Having up-to-date virus protection is essential; however, it will not always prevent you from becoming infected.

Consider the following actions:

  • Although the scammers may know personal details about the headteacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?
  • Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.
  • Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
  • Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to aren’t left connected to your computer as any malware infection could spread to that too.
  • Do not pay extortion demands as this only feeds into criminals’ hands, and there’s no guarantee that access to your files will be restored if you do pay.
  • If you think your bank details have been compromised, you should immediately contact your bank.
You might also like...  Locals concerned over proposed Welsh-medium school

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting actionfraud.police.uk

Be the first to comment

Leave a Reply

Your email address will not be published.


*