Cyber Decider warns parents that their children’s private school fees are the top target for cyber criminals

A cyber insurance company says that hackers are targeting private school fees, and parents should be careful, especially with invoices for next term being issued over the current weeks.

Cyber Decider says that school and private school fee payments particularly, are currently popular with cyber criminals because of the combination of them being large (generally £4,000-£10,000 per term), and poor cyber security at many schools makes for an easy target for hackers.

“In 2017 we saw schools generally become a big target for cybercriminals,” said Neil Hare-Brown, chief executive of Cyber Decider.

“In addition, the parents with whom they communicate generally use webmail, and often from insecure systems. Families and schools are sharing lots of information about payments for fees, trips and everything else, so these mailboxes hold lots of important personal data such as bank and credit card details, passport images, medical and family information.

He then went on to say that one of the problems was who would cover stolen school fees as many schools don’t have cyber insurance. He added that even those with policies should “check them carefully as many cyber insurance policies will not cover the money stolen.”

Below is information released by Cyber Decider:

How the scam typically works: 

  1. Parents receive an email giving them payment details for the school fees, perhaps saying these have changed.
  1. However, hackers have surreptitiously gained access to the school’s email, usually through an undiscovered phishing attack and in fact the payments will go into hacker’s account. They also set up automatic rules so responses from parents requesting confirmation of authenticity get diverted to the hackers, so the school does not see them.
  1. Parents make payments to the hacker’s bank account, which is emptied early in the next term, netting the criminals sometimes tens and often hundreds of thousands from a single school. From each single attack perspective, the amounts stolen are not high enough to warrant a full police investigation! Most fraudsters disappear without a trace and elude prosecution.
  1. Other details gained - such as personal details of staff, children and parents - are then either sold to other cybercriminals using sites on the “Dark Web” for identity frauds or used for this purpose by the original hackers later on.


What are the costs when school fees are stolen?


When such a scam operates, the typical costs are:

- The incident investigation costs including the need for specialist digital forensics, legal and PR advice.

- The accountancy costs of sorting out what was stolen and when and what wasn’t.

- The IT costs of ensuring the systems are no longer vulnerable.

- The lost school fees will fall on the school in many cases and, in others, parents (see table below).

- The costs of disruption, diversion of manpower and management time over the many weeks needed for resolution, as well as the loss of goodwill and reputation amongst parents and others affected.


How to stop such scams – advice for schools and parents:


Action for parents:

  • If you get payment requests from schools or anyone by email, especially one changing the previous arrangements, be very aware! Telephone the school on its normal number, don’t email them, and double-check verbally with the school before making the payment.


Actions for schools include:

  • All organisations taking payments, especially schools, should have suitable cyber security measures in place and to consider cyber insurance to provide cover for the costs of investigation, notification, compensation, remediation, theft of money and follow-on crimes.
  • Thorough and regular cyber security training for all staff, and ensure procedures are followed.
  • Avoid using generic mailbox accounts and do not perform school administration entirely ‘from the mailbox’.
  • Use a payment gateway for payments, but make sure it is thoroughly tested to ensure security.
  • Use a secure communications portal for use in communications with parents in all matters, including school fees.
  • Ensure two-step authentication is implemented on all online systems in use by the school.

School fees cyber scams – who picks up the costs:

 School has NO cyber insuranceSchool has cyber insurance

Incident investigation costs

Not covered

Covered as standard by 100% of policies

IT costs of fixing the problem and preventing its repetition

50% of policies covering “fixing” it to equivalent state before the hack. Only one policy covers fixing the problem so it does not happen again (ie upgrading)

School fees and other money stolen

Covered as standard by 38% of policies


Disruption and other costs from its impact

Covered as standard by 50% of policies