Education for Education – Watch out School Admins and Head Teachers

We all know it isn’t an easy task being a teacher or working in educational administration or governance; lots of pressure, massive amounts of work and commitment, continuous assessments, changes to the rules thereof, funding difficulties, syllabi changes. Not to mention the children. What it must have been like to teach some of us here at ITC Towers is unimaginable.

It looks like things are not going to get any easier.

On the 4th of January 2017 the National Fraud and Cyber Reporting Centre released an alert directed to schools which details how very nasty criminals are targeting Schools with a sophisticated ransomware attack.

The scam works like this:

The school/college is called (usually the Head Teacher, Head Teacher’s Secretary or Finance department) from somebody claiming to be from the Department of Education. (NB: the correct name of course is The Department for Education, but this is apparently what the scamming script currently says).

The scammer says that they need to send (yet more) guidance forms directly to the Head Teacher.

Having obtained the correct email address and set the ‘Oh, no, not more shizzle from the Department For Education’ ball rolling, the scammers send a zip file which when opened infects the Head’s or Admin’s machine and encrypts the school’s data.

A ransom of up to £8,000 is then demanded.

The ActionFraud warning is here.

• It is imperative that admin staff at schools and colleges are made aware of this scam and are trained as soon as possible on this and other ‘phishing’ techniques

• It is also important that this alert is spread as far and wide across the education community as possible, so if you know a teacher, governor or anybody you think should know, please share

• If you can possibly help it, do not pay up

• Report the matter to the police (who you no doubt have on speed dial anyhow)

It is also vital that the best practice recommendations in the alert are followed

• Keep anti-virus software up to date (although this is far from fool proof)
• Although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?
• Please note that the “Department of Education” is not a real government department (the real name is the Department for Education – see above)
• Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication
• Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities
• Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to aren’t left in an insecure location or on the same network that your machines are connected to.

Welcome back to the New Year, the new term and the real world.