Whilst every effort is made to ensure that the material contained within all Derbyshire audit services' alerts is reliable, no representation is made that information is accurate or that legal or other guidance contained is correct.
Derbyshire audit services does not accept responsibility for any liabilities, losses or damages as a result of persons having relied upon the information provided. Any organisation should seek their own legal or professional advice where necessary in relation to any information contained in an alert.
Potentially fraudulent phone calls from Water Plus
It has been brought to the attention of Derbyshire Audit Services that Derbyshire schools and other organisations have received telephone calls claiming to be from Water Plus. Water Plus have confirmed that they have been targeted by the perpetrators and have reported the matter to the Police.
Although the caller knows some account details, they attempt to extract further information from account holders. The caller claims that there is an outstanding balance on the account and requests that payments are made over the phone using the School’s debit card. The phone number displayed is different to the telephone number which is detailed on Water Plus invoices.
Staff are reminded of the following advice when dealing with unsolicited phone calls requesting details and/or payments over the phone:
- don’t give out any personal, financial or sensitive information over the phone to anyone unless you are absolutely certain that it is safe to do so
- don’t feel pressured to disclose information
- if you are concerned about the source of a call ask them to provide you with a switchboard number, which you should subsequently check, or call them back using an established contact number
- remember the scheme of delegation for authorising invoices, ask the approver to check the request prior to making any payments. If you remain in doubt, seek further advice.
Chief Executive Officer (CEO) Fraud
The council has recently been advised of a significant increase in the number of schools targeted by fraudsters, making financial requests whilst purporting to be the Head Teacher or Principal. As these requests often concern the authorisation of financial transfers or ‘urgent’ one off payments of up to £10,000, a number of schools have suffered substantial financial losses as a result.
Contact is generally targeted with emails sent to staff holding financial management responsibilities, from spoofed email accounts or addresses very similar to that of the headteacher or principal. The instructions given are usually very basic and designed to put pressure on the recipient by requesting that the payment is made as soon as possible.
Staff awareness and compliance with robust internal payment procedures are vital in identifying fraudulent requests to ensure that only genuine payments are processed. In the event that school staff receive suspicious emails or suspected fraudulent payment requests, the details should be reported to audit services.
We are aware of an increase in spam emails being received by schools since the beginning of April 2017. These include emails which sometimes appear to be from a Derbyshire County Council source such as SchoolSAP and tend to contain what looks like legitimate information about O2, Vodafone and UPS accounts.
The document attached to this page explains how to spot the emails and the action that should be taken to remove them.