Recently my in-laws nearly became victims of vishing – a telephone scam. The baddies, pretending to be BT, rang my in-laws early on a Saturday morning to tell them their broadband was being compromised by somebody in Amsterdam. “BT” needed to gain access to their laptop to check what was going on. My in-laws dutifully switched on their laptop and downloaded the widely available software TeamViewer so that the nice person on the end of the phone could talk them through what they needed to do next. This was, of course, to look at their bank account to transfer £20 to “BT” in order to get an engineer who was in the area to come to their home and sort out the issue.
“BT” were persistent, so when the internet banking card reader wouldn’t work (flat battery) they suggested my mother-in-law (MIL) went to the bank right away to transfer the money. They took her mobile number and called her a number of times as she made her way to the bank. Luckily, whilst walking to the bank she rang my husband and told him her internet had been compromised. (My husband is the IT Technician for a variety of family and friends, due to his previous life, last century, of being a techie.) He, with all his cyber security training, spotted this was a dodgy thing for “BT” to be doing and urged her not to transfer any money. She was insistent, so he told her OK, pay £20 cash into the bank account, knowing it wasn’t then going to be possible to connect her bank account directly to “BT’s”.
He then hot-footed it to his parents’ house and switched the laptop into flight mode. Straight away “BT” rang back wanting to know what had happened to the connection. Husband asked for their phone number and name as he had to change phones; this they shared and the call ended. Husband didn’t ring back, but they did, saying “you were going to ring us back – what happened?” Husband said “it’s ok, I’ve got the number to ring on the back of the BT bill here”. Quick as a flash they ended the call.
Meanwhile, at the Bank, MIL was desperately trying to pay £20 cash to “BT’s” bank account. Bank told her “sorry it has to be an electronic transfer, cannot do it via cash”. MIL started to get flustered; well-trained staff spotted there was an issue and asked why she needed to transfer the money. She told them, and they quietly took her to a side room, gave her a coffee and blocked “BT’s” phone number on her mobile, and the realisation of how close she had come to being a victim of fraud hit her.
The Bank’s care of my MIL was outstanding – they rang and spoke to my husband to reassure him that she was ok and would be coming home soon. How many times a week do Bank staff have to do this I wonder? When my husband rang the real BT to report the vishing, they could relay the story back to him as they had heard it so many times before. He is now registered on their BT account as someone to contact if there is any suspicious activity on the account. Could you do something similar for your parents?
So why am I sharing this? What has it got to do with school cyber security? Well, it is the link between staff well-being and cyber security. If the vishing attempt had been successful, the impact on my in-laws and my husband, and therefore me and my boys, would have been massive. My husband was so cross that his parents had been targeted and that he hadn’t recognised their potential vulnerability to a cyber-attack. Imagine how he would have felt if his parents’ bank accounts had been cleared out? Now imagine one of your staff becoming a victim of a successful vishing attempt: what could the impact be on their attendance? Their quality of work?
Cybersecurity is a shared responsibility and it boils down to this: in cyber security the more systems we secure, the more secure we all are. – Jeh Johnson
I’m also sharing this with you as I feel so strongly that we need to protect ourselves, our home IT systems and our school IT systems from these evil people who target us relentlessly (every 17 seconds there is an incident of financial fraud in the UK according to Financial Fraud Action UK, September 2016). When training for Duke of Edinburgh award expeditions many years ago, we were always told you have to walk at the pace of the slowest person. This was at times incredibly frustrating, but did mean we all walked together as a group and could help each other climb over stiles with massive backpacks on or reach for each other’s water bottles etc. Cyber security is a bit like this, in that your IT system is only as strong as your weakest link. Consider your personal cyber security: how are your children or parents using the internet, and what passwords and logins do they have? Do they use secure sites? For younger children you may have installed parental control software; remember this isn’t a substitute for parental supervision of the child whilst they are accessing the software!
I’m also sharing this because schools remind parents and children about E-Safety and we take part in Safer Internet Day (the next one is Tuesday 5th February 2019, https://www.saferinternet.org.uk/safer-internet-day/2019), but do we then personally take action? At school we use the phrase “every week, take a peek” to encourage parents to check for head lice! What phrase or time period should we use to remind ourselves to regularly check our own personal cyber security? All suggestions are welcome!
Please share and raise awareness within your own schools about personal and school cyber security.
Academy Business Leader