Please be aware of fraudulent diversion of school fee payments by cyber-criminals.
The tactics reported generally relate to a diversion of fee payments into a new bank account. Changes to banking details by schools and education service providers will always come with significant advance warning.
It is reported that Fraudsters are able to compromise school IT systems, which are often unsecure, usually through a phishing attack, and criminals then gain access to the school's emails and contact list to email parents, explaining that the school's payment details have changed, and issue a new invoice with their own account information.
Parents who respond to request a confirmation will have their emails diverted to the fraudsters so the school will not receive them.
The money transferred is usually emptied from the fraudster's account within hours and those who pay by bank transfer have a very little chance of getting their money back as the payments are not protected. Furthermore, banks are not obliged to refund the stolen cash, as they are with unauthorised or fraudulent payments on credit and debit cards.
Despite parents being tricked into transferring funds banks will say the payments were "authorised" and they simply followed the payee's instructions.
Any changes to bank account information for the payment of fees will usually provide those affected with a significant advance notice. Those parents who fall under James-Lee’s services will also be provided with a suitable method for fee payers to corroborate any such change. If you receive any calls or email regarding the change of payment methods or information, please call the appropriate school before proceeding and follow the advice by the UK Charity Commission:
Verify any email payment request to the school.
Be vigilant. Check any inconsistencies and errors like spellings and school information.
Call the school and verify details if being asked to make fee payments into a new bank account.