Lloyds Banking Group, Commercial Banking Fraud team has identified a live Vishing Fraud campaign (telephone impersonation scam) targeting schools in England in the last two months.
Criminals are contacting schools by telephone impersonating trusted organisations including Bank Fraud departments, with the intention of tricking staff into releasing 2-factor authentication codes (e.g. card/reader codes) or getting staff to move money into new accounts on the pretence that they have been set up to protect funds in existing accounts which are said to have been compromised.
Spoofing technology is being used in the attack presenting the genuine telephone number of the organisation being impersonated on the caller display of the recipient, intended to persuade the target victim that the call is genuine.
This is an established and well known method of attack used by organised criminal groups. Lloyds have been alerting Commercial and Personal customers to this type of fraud for some time, but this is the first time we’ve detected this type of campaign specifically targeting the education sector.
Advice for Schools
Ensure that all staff involved in making or authorising payments are aware of the following guidance:-
Take care if being asked to divulge confidential or personal information over the phone, text or email even if the request seems genuine and regardless of what information the requestor describes
Verify the identity of the person/entity contacting you. Contact the company on a number obtained from a trusted and verified source e.g. public records, website
Your Bank will never ask for your online login or 2-factor authentication code details over the phone and will never ask you to move money to a ‘safe’ or ‘secure’ account
Consider setting up dual authorisation for online banking payments if not already in place
For further information, please visit the bank’s website or speak to your relationship management team.
UK Head of Education
Lloyds Bank SME