By: Tonya Mead, CFE, PI, MBA, MA Educational Psychology
Schools and universities are increasingly falling victim to fraud. In England, office receptionists answered calls from individuals asking for emails and phone numbers of administrators responsible for making key decisions. These scammers made the calls under the pretext that the contact information was needed by the state or federal department of education. In turn, the criminals emailed to the referrals, an infected zip file of Excel and Word documents.
After the unsuspecting school leader opens the infected email and the attached zip file, criminals demanded the equivalent of $10,000 to unlock the program (ransomware).
In the US, criminals attempt to steal school staff information recorded on IRS Form W-2 documents. Rather than making a cold call to the school receptionist, the criminals target the human resources or payroll department. They email an official looking request disguised as if it were sent by a federal, state, or district leader. The criminals request a list of school employees and their W-2 information. They then take this information and re-sell it on the black market for eventual identity theft or other financial crimes.
What to do if you or your school becomes a target?
- Immediately contact your local, district, state and federal education agency for further guidance
- Forward the W-2 scam email to firstname.lastname@example.org and place “W2 Scam” in the subject line
- Call the Federal Trade Commission at 1-877-FTC-HELP (1-877-382-4357) to report the scam
- Submit an online complaint by contacting the FBI Internet Crime Complaint Center at: https://www.ic3.gov/default.aspx
- Hack for enrollment
- 40 million vulnerable bank records
- Botnets and identity theft
- 23,000 student records hacked
Tonya J. Mead, CFE, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC http://ishareknowledge.com