In a recent article on the BBC news website details were published about how a fee charging school was targeted in a cyber attack which accessed parents’ email addresses.
Fraudulent emails sent from school accounts offered a 25% discount on fees for paying quickly via the Bitcoin cryptocurrency.
Newcastle’s Royal Grammar School a private independent school warned parents of the “sophisticated attack”. It had been approached for comment.
The Information Commissioner’s Office (ICO) said other schools had been targeted and it was investigating.
In an email to parents, the grammar school’s headmaster, John Fern, said it had reported the attack to police.
Because of the “potential breach of data” in the use of parent’s email contacts, it is also liaising with the ICO, which is required under the General Data Protection Regulation. .
The emails, which included spelling, grammatical and punctuation errors, were sent on 29 December from the address of the school’s bursar, who is responsible for fees.
The school told parents it was working with the company that provides its email systems, iSAMS, to “establish exactly what happened”. iSAMS said it would be issuing a statement.
Mr Fern told parents the school would “never ask for money or bank details in this way” and apologised. No financial details were accessed, he added.
The ICO did not provide details of how many schools were affected but said: “[We are] aware of other phishing type attacks that have been targeted towards schools.
“Royal Grammar School has made us aware of an incident and we will assess the information provided.”
Parents – Always check with the school before making payments
All private schools will have clear payment instructions, usually included with each invoice for a terms’ fees and any extras. Most will include a remittance advice, even though few people still pay their child’s school fees by cheque.
If you do receive an email with details that vary in any way from that on the remittance advice then you should contact your school’s accounts department immediately as other parents may not notice the discrepancy.
Have you been affected by a cyber-scam?
If so, were you able to receive a full reimbursement of your funds or were they lost permanently?