Ensure all administration staff are aware of this fraud.
Ensure staff are aware of protocols regarding not opening links or attachments from unexpected or suspicious emails in the event the email system may get compromised.
Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.
Review internal procedures regarding how the fee payments are requested and ensure these are relayed to the parents so they can easily identify suspicious requests.
Ensure computer systems are secure and that antivirus software is up to date.
To help combat “typo squatting” the school could consider registering similar domain names.
Ensure required security updates to computer systems are completed.
Consider using a payment gateway for any monies required to be received from parents.
Always verify email payment changes in respect of payment fees with the school directly using established contact details you have on file, especially for ones which are not expected or for a different amount than expected.
Always review requests to changes for payment requests. Check for inconsistencies or grammatical errors, such as a misspelt school name or a slightly different email address.
Don’t be afraid to verify details when being asked to make fee payments into a new bank account.