Browse news on some of the things you really need to know about – this is where we publish the things we think are most important.

Data protection and Brexit – business as usual

The UK left the European Union on 31st January and entered a Brexit transition period. During this period, which runs until the end of December 2020, it will be “business as usual” for data protection (i.e. the GDPR will continue to apply). Organisations in the UK that process personal data should continue to follow the ICO’s existing guidance for advice on their data protection obligations. During the transition period, organisations that offer goods or services to people in the EU do not need to appoint a European representative. The ICO has updated its Brexit FAQs to reflect this advice. The ICO will also continue to act as the lead supervisory authority for businesses and organisations operating in the UK.

Watch out for Vishing Fraud!

In the news there’s been an increase in the number of Schools and Colleges reporting vishing fraud attacks to their banks.

Vishing frauds are telephone scams, usually to obtain online banking passwords, confidential details or to persuade a client to transfer money out of their account.

What Happens:

  • In the cases so far, the fraudster is described as having a Scottish accent pertaining to be from the their Bank Fraud Team or their Banks Security department.
  • On the call fraudsters claim that a member of bank staff is being investigated over fraudulent activity and the school’s help is needed to catch them, or another approach used is they tell the school that there are outward payments flagged as suspicious, which need to be verified and stopped if fraudulent.
  • Fraudsters have used “spoofing” technology to make a recognised bank telephone number appear on the school’s incoming caller display, making the caller appear genuine. Lloyds Bank’s 0345 300 0000 has been used for this a number of times, however clearly they could easily switch to displaying different genuine numbers.
  • On one occasion a client was asked to create a payment with a reference ‘Stop Payment’ in an attempt by fraudsters to dupe the school into thinking they were stopping a fraudulent payment from leaving their account.

Action Required:

  • Don’t assume that a caller is from the Bank, even if the number they “appear” to be calling from looks genuine, or if the caller seems to know information about the school or their finances.
  • Do call the Bank on a known correct number, to verify that any callers are genuinely from the Bank.
  • Never provide online banking passwords or card and reader generated codes to ANYONE on the phone, and never in response to an email or text. A genuine Bank colleague will never ask for them.
  • Know that we will never ask them to transfer money to a safe account, or ask them to enter any information into their online banking service to “stop a fraudulent” payment.
  • Making all school admin aware of the above guidance is strongly recommended and any fraud attempts should be reported to their bank immediately.

Email:          Call: 01225 395959