Grammar school’s email address used in phishing attack targeting parents
Threats / Grammar school’s email address used in phishing scam targeting parents
21 January 2019
The official email address of the bursar of Newcastle’s Royal Grammar School was used to send phishing emails to parents of students, asking them to pay school fees in Bitcoin to avail a 25% discount.
The phishing emails, riddled with spelling and grammatical errors, were sent out from the bursar’s email account to parents, asking them to pay school fees in Bitcoin on the same day in order to take advantage of a discount of 25 percent.
“We are aware that parents have received an email claiming you’ll receive a 25% discount on fees for passing over details or claiming that you can now pay by bitcoin/cryptocurrency.
“Please note these are phishing emails and should not be opened or any links clicked. We are currently investigating this breach and information will be passed on to all parents in due course,” said the Royal Grammar School in an official statement.
Fees at the Royal Grammar School in Newcastle range from £11,088 a year for junior pupils to £13,164 a year for senior school students. Had any of the parents fallen for the phishing scam, they would have lost thousands of pounds in one go and would have had no way to recover the lost money.
Several schools targeted using phishing scams: ICO
The Information Commissioner’s Office said that while it will assess the phishing scam as per the information provided, it said that it is also aware of “other phishing type attacks that have been targeted towards schools”.
John Fern, the headmaster of the Royal Grammar School, also wrote to all parents, informing them that the school never asks for money or bank details in this way and that the school is working with its email systems provider iSAMS to establish exactly what happened. iSAMS is yet to release a statement concerning the use of the bursar’s email account in the phishing scam.
This isn’t the first time that scammers have tried to lure students or their parents into making payments or sharing their financial information using the guise of genuine schools or universities. In late 2017, hackers masquerading as the Student Loan Company sent out emails to thousands of students, asking them to share their personal information on a web page to prevent their accounts from getting suspended.
“This phishing email displays a number of tell-tale signs of a scam including spelling and grammar errors. As the new university year begins, we are urging people to be especially cautious of emails that request personal details. Always contact your bank if you believe you have fallen victim to a scam,” said Action Fraud.
Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines