The Education and Skills Funding Agency (ESFA), an executive agency of the UK government, has published advice on dealing with cyber scammers. It is aimed especially at colleges that are falling victim to phishing scams. Fraudsters send genuine-looking emails to education providers to trick people into sending money or private information. ESFA has also advised that education providers retain responsibility for being aware of the risk of fraud, theft, and irregularities.
Phishing scams and malvertising often succeed when a victim downloads malicious code onto their computer, or even when they click or just hover over a link. These are the two traps about which ESFA has warned colleges and other such institutions. ESFA has also released a list that includes five strategic questions that education providers should use as the starting point for considering cyber risk in their organization.
The list covers 10 “Cyber Security Tests”, based on the National Cyber Security Centre’s “10 Steps to Cyber Security” guide. The list also includes verifying the sender of an email before sharing any details regarding payment or data. College staff are also to be trained about the risks of using public Wi-Fi and of not following payment checks.
This year, an education provider, Lakes College in Cumbria, fell victim to a cyber attack. Scammers carried out a phishing scam, hacked the email account of the principal, Chris Nattress, and sent a link to his contacts. Nattress’s contacts replied to the scammers to check the credibility of the email. The scammers changed the college’s phone number in the email signature by one digit and created mobile numbers that seemed genuine to the contacts. Luckily, the college’s digital team caught the issue in time and handled the matter wisely.