Cyber attacks on private schools significantly increased over the recent months, according to the chief executive of the Independent Schools’ Bursars Association. The authorities noted that hackers continue to breach vulnerable computer systems and access the personal information of parents whose data are stored on cloud-based apps. The hacked systems were then used to trick parents into paying for fake school fees, leeching them of thousands of pounds.
In one case, one parent was swindled by as much as $94,000 after being lured into a 10 percent ‘early bird’ discount. Cybersecurity experts stated that schools were rendered vulnerable to cyber attacks after transitioning to Google for Education, a version of the cloud-based app suite Google Docs.
"I’ve had six cases recently from schools and three more from parents. Typically a school’s admissions team is targeted with a phishing message, to which they fall victim. This could be purportedly from an organization such as an agent of the school. They use a [false]email of a person known to the school to send a shared document...which asks you to enter your username and password to view. Once they have that they can log into Google for Education as the school and access the administrator’s email," Neil Hare-Brown, a director at the digital investigations company Storm Guidance, said in a Brinkwire article.
The Metropolitan Police to the Independent Schools Council cautioned that the cyber attacks start with an email sent to the parents. The email indicates the latest payment details for school fees, the council said. According to the authorities, the email appears official and at times may be sent from the school’s hacked email system. This, in turn, enables hackers to take hold of the new bank details and divert the school fees into their bank accounts. (Related: Security alert: Voice impersonators can trick voice recognition systems, according to research.)
"All parents need to be cautious if you receive emails stating a change of payment detail or containing unexpected attachments. You should telephone the school on the usual number, not one contained within the email, and double check the validity of all information before making any payment," the council advised.
An article posted on the Daily Mail website listed five key tips for more secure online transactions. These pointers include:
This authentication process requires a login and password per usual, but also sends a unique numeric code to another device through various media including text message, email or a specialized app. Log in is refused if access to the other device was denied
Sources include: