The National Fraud Intelligence Bureau (NFIB) has issued an alert reporting an increase in the number of schools being targeted by fraudsters, which has resulted in “substantial financial losses” for a number of schools.
The particular incident highlighted by the NFIB involved fraudsters posing as a school’s headteacher by email and asking finance staff to authorise one-off, urgent bank transfers to be made ranging between £8,000 and £10,000.
This guidance outlines the steps schools can take to reduce the risk of falling victim to fraud.
Prevention and protection actions
In order to protect themselves against fraud and prevent incidents from occurring, schools should consider the following areas.
Policies and procedures
Anti-fraud and whistleblowing policies should be implemented across the school and kept up-to-date. All staff should be aware of these policies and any changes made should be communicated.
Ensure there are robust processes in place to verify any finance-related requests, especially requests that ask to change any supplier or payment details. Encourage staff to challenge any requests they think are suspicious, especially if a request is urgent and supposedly from a senior member of staff, such as the headteacher.
If a fraudster is presenting themselves as an employee or agency working with a school, their portrayal becomes more convincing dependent on the amount of information they have about a school. It is, therefore, vital to consider what sensitive information your school posts publically, such as staff names and email addresses, as this could be used by fraudsters.
Additionally, ensure any confidential documents handled by the school are properly disposed of when they are no longer needed.
Fraudsters can use fake email addresses to make it appear as though they are someone they are not, such as a member of staff. Do not open any attachments or links from emails that are unexpected or unusual. If a suspicious email has come from a member of staff, verify with them in person that it is legitimate or use a known secondary contact method.
Our Spotting Fake Emails Posters outline signs to look out for that may help identify emails that are not legitimate. The posters can be used to spread awareness of what to look out for, to reduce the risk of falling victim to email-related fraud.
The more staff know about the signs to look out for in relation to fraud, the more likely schools are to reduce their risk of falling victim to this crime.
Consider conducting regular fraud awareness training for staff, particularly finance staff. On a smaller scale, provide staff with leaflets or posters about what they should be looking out for and how to report any concerns.
Fraudulent incidents can be reported to Action Fraud – either by calling 0300 123 2040 or visiting their website. The Action Fraud website also contains more advice on how to prevent fraud from occurring.
Academy trusts must notify the ESFA of any instances of fraud that resulted in a financial loss of £5,000 individually or cumulatively in an academy’s financial year – any unusual or systematic fraud must also be reported.
Action Fraud (2018) ‘School Fraud – Chief Executive Officer’ <https://www.actionfraudalert.co.uk/da/209033/School_Fraud_-Chief_Executive_Officer.html> [Accessed: 5 March 2018]
ESFA (2016) ‘Academies: guide to reducing any risk of financial irregularities’ <https://www.gov.uk/guidance/academies-guide-to-reducing-any-risk-of-financial-irregularities> [Accessed: 5 March 2018]