laptop showing virtual connectivity

Independent schools (and parents) beware of invoice fraud

We are seeing an increasing number of clients fall victim to invoice fraud, commonly this is where a cyber criminal is able to send invoices that look genuine in the hope that they get paid into the criminal’s bank account 다운로드. Quite a few people have paid what they thought were genuine bills from suppliers only to find they were fake.

Insurance company CFC gives a good example of where it was not the school that was stung but the parents: The bursar of this fee paying boarding school received a believable email from who they thought was Microsoft asking them to login, but was in fact a criminal phishing for details 이미지 파일 다운로드. The bursar obediently entered the login details so he could get on with his work, at which point the criminals now had unrestricted access to the bursar’s computer system 파나소닉 다운로드.

The criminal used their new found knowledge to send emails to parents offering discounted fees to those who paid early. The criminal cleverly restricted his emails to foreign parents who might be less questioning and, as parents of boarders, they would be paying bigger fees 영화 알라딘 다운로드. The deadline also encouraged quick response and a sense of urgency that instinctively removes suspicion. As the criminal had access to all the bursar’s previous documents & emails, the fraudulent email could be designed to look just like all the others 에이지 오브 엠파이어2 다운로드. To avoid being spotted by the school, the criminal also set up a separate email account, which looked almost identical to the bursar’s, and sent his emails out from there 진격의 거인 무료 다운로드.

Unfortunately, six parents were tempted by the discount and paid the criminal, thankfully another parent emailed the school admin office to discuss the offer and the alarm was then raised 쇼퍼홀릭 다운로드. Two of the conned parents were able to recover their money but the other four could not.

As the school had been responsible for the breach and therefore enabled the crime they refunded the losses – it goes without saying that boarding fees for four pupils are not insignificant 다운로드.

There are lots of lessons to learn here, including:

  • Use multi factor authentication so one password alone is not sufficient to gain access to your systems 다운로드.
  • Beware of phishing emails
  • Question and check invoices for authenticity and beware special offers and time deadlines
  • Purchase cyber crime insurance that covers invoice fraud, in particular not just payments you might make but payments your customers are tricked into making 네로7.

If you would like assistance or advice on cyber security or cyber crime insurance please contact the Sutcliffe & Co team on 01905 21681 or send us a note

Duncan Sutcliffe
Director, Sutcliffe & Co Insurance Brokers - Worcester, Worcestershire