The Charity Commission has issued a regulatory alert to independent schools, warning them to be aware of fraudulent requests for payments.
Yesterday the Commission said that schools should look out for fraudsters placing themselves between schools and parents to obtain payments.
Its warning is based on information in recent reports to Action Fraud, the UK’s fraud reporting centre, over payment diversion fraud – where payments are either created falsely or diverted.
The Commission said that in some cases schools’ email system had been compromised, so emails were sent directing parents to the fraudsters bank account.
In other cases the email used was very similar to that of the charity’s, for example the email address would use two ‘ns’ instead of an ‘m’ to fool parents.
“In several instances there has been a strong element of manipulation to the scam, with fraudsters building trust with victims through contact by phone, email or other direct messaging,” the Commission warned. “Often, the fraudulent email promises a discount for early fee payments.”
Public trust issue
Michelle Russell, director of investigations, monitoring and enforcement at the Charity Commission, said: “We are urging all charitable schools and parents to be alert to this. If they suspect they’ve fallen victim to payment diversion fraud, they should report this immediately to Action Fraud, and to the Commission, under its serious incident reporting regime.
“By working together we will ensure these fraudsters do not prey on charities, parents and pupils in this way. Such scams not only divert precious funds away from the pupils and schools that need them, but harm public trust and confidence in the charity and education sectors more widely.”
Advice to schools
The Commission said there were a number of steps that charities should take to prevent fraud. They are:
- ensure all administration staff are aware of this fraud
- ensure staff are aware of cyber-protection protocols and understand not to open links or attachments from unexpected or suspicious emails. Doing so may compromise the school’s email system
- review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols
- review internal policies and procedures for managing fee payments and ensure these are communicated clearly to parents
- consider using a ‘payment gateway’ for the receipt of funds from parents
- ensure computer systems are secure and that antivirus software is up to date
- to help combat ‘typo squatting’, consider registering similar domain names