Fee fraud – what can schools do?

“Invoice fraud”“mandate fraud”“transfer fraud”: this particular scam has acquired many names over the years and now fraudsters are known to be targeting parents of children at independent schools.

Fraudsters obtain access to a school’s IT system (or replicate a school email). They then email parents informing them that the school’s account details have changed and provide them with new account details. These frauds are often highly sophisticated and fraudsters have developed systems in place that trick even the most wary of parents.

For example:

  • Intercepting emails from parents who have queried the email. They will then engage in an email exchange with the parent, impersonating a member of staff, to reassure and encourage the parent to make payment.
  • Producing their own fake invoices. Some people would suspect foul play if presented with account details within the body of an email but may be less likely to question an attached invoice. These invoices may be specifically designed to replicate genuine invoices.
  • Promising a reduction in school fees for early payment to encourage parents to act fast (and think later!).

Unfortunately, unlike other types of frauds, banks are not usually obliged to refund victims of invoice fraud because the account holder has authorised the payment to the specified account. If parents act quickly the bank may be able to freeze or recover funds but too often the fraudsters have already emptied the recipient account and disappeared. Parents are left out of pocket, schools are left to recover their fees, and the ugly question of blame arises.

What can schools do?

  1. Review your school’s insurance policies to see whether your policy covers fees stolen by invoice fraud.
  2. Regularly educate parents about the risk of school fee fraud and ask them to notify the school if they receive any fraudulent emails. This will allow you to warn other parents and investigate whether there has been a data breach.
  3. Notify parents that you will never update them about a change in bank details by email and include a security notice within your email footer.

For example:

Security Notice: Please be aware that fraudsters have been impersonating schools and some parents and guardians have been tricked into forwarding money to the wrong account. Due to this risk our bank details will NOT be sent to you in the body of an email nor will we ever notify you of a change in our banking details by email. If in doubt about our bank details please call us to verify them. Please note that we cannot accept responsibility if you transfer money into an incorrect account.”

If we can help in any way in relation to what to do if your school experiences invoice fraud, or if you are concerned that you have had a data breach, please contact Gordon Reid and we will be pleased to assist.