Education establishments must take precautions against fraudsters targeting schools to install ransomware on computers

In an increasingly digital age criminals are becoming savvier in gaining access to data, and it’s not just individuals who are targeted by fraudsters. The latest ransomware scam is directed at education establishments.

Action Fraud warned schools to be vigilant after fraudsters managed to scam some establishments into installing ransomware on computers.

Cold calling and email scam

The organisation, which is the UK’s national reporting centre for fraud and cybercrime, said fraudsters were initially cold calling schools claiming to be from the “Department of Education”. Callers then asked for the personal email and/or phone number of the headteacher or the financial administrator.

This was done under the pretence of sending guidance forms to the headteacher, which the fraudsters said because of the sensitive data involved must be sent directly, not to a generic school email address.

Within the emails is an attachment, often masked as an Excel or Word document, but the file contained ransomware. Once it is downloaded the files are encrypted and the fraudsters demand money to recover the files.

This is not the first scam of its type to be worked. Recently, fraudsters claimed to be working for the Department for Work and Pensions and telecoms providers to gain access to data. Last year, Lincolnshire County Council was hit by a ransomware scam. Fraudsters demanded £1m to fix the problems.

Protecting data from scammers

Schools are being urged to ensure they are sufficiently protected from this kind of scam. This includes ensuring virus protection is up-to-date, although Action Fraud warned this will not always protect computer systems from fraudsters.

The organisations said people should be aware that even if scammers know personal details about the headteacher it is vital to consider how this information was gained. Are these details, for example, listed on the website?

Also, pay attention to the language used. The Department of Education is not a government department. It is in fact called the Department for Education.

Other measures to protect from scammers and fraudsters is to show care when opening links or attachments. Unsolicited emails or SMS messages should be treated with care. Action Fraud also urges caution over email addresses, which can be ‘spoofed’ to make them look authentic.

Furthermore, always install software updates when they become available as these often include fixes for security vulnerabilities.

Lastly, Action Fraud says to ensure backups of important files are saved elsewhere such as an external hard drive, memory stick or cloud server.


Please enter your comment!
Please enter your name here