Warning for providers as SFA named in fraudster ‘spear fishing’ campaign
Email fraudsters are targeting FE and skills providers by posing as the Skills Funding Agency.
The sector has been warned about ‘phishing’ attempts to get bank details. Deceptive emails have been reported, asking for details that would allow the sender to take money from the provider’s bank account — a practice known as phishing.
One attempt is known of and it proved unsuccessful, but the agency has asked providers to report any suspicious emails they receive. The Association of Employment and Learning Providers has also alerted its members to the issue in its weekly Countdown newsletter.
An agency spokesperson told FE Week: “We have been made aware of a phishing attempt, where a person/body has used the agency name as a cover to attempt to obtain the bank details of a provider.
“We ask providers to be aware and remain vigilant. If you receive any phishing emails, please inform your relationship manager so we can provide intelligence to the police about this attempted fraud.”
Tony Neate (pictured), chief executive of government internet advisory body Get Safe Online, said it was common for fraudsters to pose as government agencies.
“Phishing has been happening for years but recently it’s become very sophisticated, using targeted phishing or ‘spear phishing’, which targets an individual with the sort of email they would expect to receive,” he said.
“This happens with all the major banks, retailers, government departments — we’ve even seen phishing emails with the Get Safe Online logo on them.
“Students have been sent emails supposedly from the Student Loans Company — it’s to do with money so you’re going to take it seriously and many students did hand over their details.”
He urged providers to be on their guard about emails asking for any company or personal details.
“It’s unlikely banks or government agencies will ever ask for your details by email, so check it comes from an email address and a URL you recognise — for example if the website is usually a .com address, be careful if an email has come from a .tv address,” he said.
“Check any landline numbers and street addresses given match those on an organisation’s website and check it comes from the person you’d usually deal with — if not, contact them and ask if they know anything about it.
“Above all, be cautious, be suspicious.”
Have you been targeted? Send any ‘phishing’ emails you have received, purporting to be from the Skills Funding Agency, to firstname.lastname@example.org