A report from The Telegraph has revealed that criminal hackers are targeting UK private schools with poor online security. Parents are warned to be on high alert as a new term commences and invoices are issued. Cyber criminals are able to exploit vulnerabilities within schools’ IT systems, “which are often unsecure”, and are free to launch phishing campaigns.
Neil Hare-Brown of Cyber|Decider said that, in the last few months, he had investigated incidents at six private schools where insurance claims had been filed.
The phishing attack impersonates the school and advises unbeknown parents that payment information has been updated. Those parents who question the changes by replying to the email are actually replying to the cyber criminals, who of course reassure them that the changes are legitimate. If in doubt, rather than replying to an email, it is advisable to call the organisation – the school in this case – directly to confirm.
Mr Hare-Brown continued by saying that there had been an uptick in the number of schools being targeted as cyber criminals have caught on to the scam.
Private schools in particular are a favoured target because they’re considered to be a lucrative market where parents are likely to have higher disposable incomes.
Ryan Wilk, vice president at NuData Security, said:
This warning should make private schools sit up and take notice of the threat cybercrime and fraud present, and the damage this kind of scam could do to their reputation.
Phishing attacks are increasing in volume and severity, so it’s important to remain vigilant and increase awareness. Cyber criminals are one step ahead and their tactics are constantly changing in order to remain undetected. Phishing scams are common within the education sector in general because of the amount of personal data that they store.