Home > Blog > Loss Control Insights for Schools

Loss Control Insights for Schools

7 Tips for Avoiding Impersonation Fraud

To communities, schools are pillars for education. To fraudsters, they’re a target for quick payoff opportunities. Fraudsters are increasingly targeting schools using impersonation fraud, a scam where a fraudster pretends to be a school administrator, employee or vendor requesting a payment or payment change. If not detected early, impersonation fraud can lead to significant financial losses. Here’s what your school staff should know.

What Does Impersonation Fraud Look Like?

Impersonation fraud can be conducted via email, phone, fax or letters in the mail. To pass themselves off as authentic, these fraudulent communications may include personally identifying employee information (e.g., Social Security numbers), school-specific direct deposit forms or voided checks obtained in prior phishing attacks on district personnel.

Email is the preferred choice for fraudsters in many cases. These emails will mimic the address of the individual allegedly requesting a payment or payment change. In all instances of impersonation fraud, the goal is to trick school personnel into direct-depositing funds into fraudulent accounts.

How Can Impersonation Fraud Be Detected?

Common indicators of impersonation fraud include communications with consistent spelling or grammar mistakes, a significant sense of urgency, requests to confirm personal information, suspicious email addresses or website links. Being aware of these indicators is a great first step to stopping fraud in its tracks.

How Can Schools Avoid Becoming Victims of Impersonation Fraud?

To steer clear of impersonation fraud, school personnel should:

  • Remember that fraud can occur on any communications channel—not just over email
  • Be educated about phishing scams that help fraudsters acquire the information and documentation needed for impersonation fraud
  • Verify the identity of any individual or entity making an electronic payment request by using contact information not provided in the request or by setting up an in-person meeting
  • Notify and confirm with management any instruction to issue payment and/or alter payment procedures
  • Use a dual control system for payments (e.g., two employees must approve payments or changes to payment information) to avoid a single person becoming victim to fraud
  • Review accounts frequently for any discrepancies or errors
  • Establish a training program for how to recognize, question and authenticate requests for payments or payment transfers

When in doubt, raising a concern is always preferable to letting a potentially fraudulent transaction go through. Take action and you can help your school stay safe.

Blog brought to ATI by EMC: https://www.emcins.com/losscontrol/insights-d/newsletters/school/2019/04-1/