Crooks Cold-Calling UK Schools and Tricking Staff Into Installing Ransomware


The “ActionFraud” UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers into installing ransomware on the school’s computers.

According to the alert, crooks are posing as government officials and asking for the phone number and email address of the school’s head teacher or financial administrator.

The scammers convince the person who answered the phone to provide the desired information by saying they need to deliver sensitive files and must make sure the head teacher or financial administrator receives them.

In most cases, crooks say they have to deliver files about exam guidance procedures or mental health assessments, which they don’t want to land in generic school inboxes, due to their sensitive nature.

Scammers have been very active, successful

According to the ActionFraud center, crooks deliver an email with a ZIP file attached, which contains an Excel or Word document. Users who opened these files have had their computers infected with ransomware.
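As an added example (not from the ActionFraud alert or the original article), here is a mail-gateway style check in Python that flags messages whose ZIP attachment contains a Word or Excel document, the delivery format described above. The extension list, function names, addresses and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Word and Excel extensions, the document types named in the alert (assumed list).
OFFICE_EXTS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm")

def office_docs_in_zip_attachments(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, inner file name) for every Word/Excel
    document found inside a ZIP attached to the message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the declared file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(OFFICE_EXTS):
                        hits.append((name, info.filename))
        except zipfile.BadZipFile:
            # A damaged archive cannot be inspected, so surface it for review.
            hits.append((name, "<unreadable archive>"))
    return hits

def build_sample_email() -> bytes:
    """Constructed sample: a message carrying a ZIP with a dummy .doc file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("exam_guidance.doc", b"placeholder, not a real document")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "head.teacher@school.example"
    msg["Subject"] = "Exam guidance"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="guidance.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, inner in office_docs_in_zip_attachments(build_sample_email()):
        print(f"hold for review: {attachment} contains {inner}")
```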

Several schools have had their computer networks locked down by ransomware after receiving this type of call.

In some cases, the ransom demanded by the ransomware was as high as £8,000 ($9,800).

According to ActionFraud experts, the scammers are easy to recognize because they make a simple mistake. During their phone calls, they claim to be from the Department of Education, but the Department’s real title is the Department for Education. This small detail could help British schools identify scammers during their initial calls.

Cold-calling victims is becoming a regular attack vector

UK schools have been the target of similar phone calls in the past few months. In previous cases, the scammers posed as employees from the Department for Work and Pensions and various telecoms providers.

Named spear-vishing, this technique has been used with regularity in the past few months. According to security firm Trustwave, the infamous Carbanak (Anunak) group has been calling tech support representatives in the call centers of large enterprises and tricking support staffers into running malware on their computers.

In those attacks, the Carbanak gang distributed RATs or backdoors in order to scout potential targets and get precious information about a company’s internal network.