We have worked with a number of organisations that have been scammed into changing bank details and so parting with large amounts of money. Often someone in that organisation initially received a phishing email to harvest indentity information. The relevant HR/Finance officer is then contacted by the hacker posing as the individual (or third party supplier) asking for a change in bank details. Often the HR/Finance officer will do some checks which might still result in a transfer of funds. Sometimes the HR/Finance officer believes they have spoken/checked with the bank. Stop Scams UK have a phone service which advises if you think you are on such a call to stop, hang up and dial 159 to speak directly to your bank.
159 is a secure number that connects you directly to your bank if you think you are being scammed. It works the same way as 101 for the police or 111 for the NHS.
159 will never call you. Only a fraudster will object to you calling 159.
When should I call 159?
- Someone contacts you saying they are from your bank - even if they are not suspicious.
- You receive a call asking you to transfer money or make a payment - even if it seems genuine.
- You receive a call asking you to transfer money or make a payment.
- You receive a call about a financial matter and it seems suspicious.
We are in the middle of a scams emergency. Scams cause harm and distress to consumers and undermine trust in businesses and economic activity and are all too prevalent. Both industry and government have struggled to respond to the growth in scams, not least because of the speed with which they have evolved.
-
Fraud is the most commonly experienced crime in the UK (the Crime Survey for England and Wales year ending December 2022).
-
We are twice as likely to be a victim of scamming than any other crime. The Office for National Statistics’ Crime Survey for the year to March 2023 reported that fraud accounts for 41% of all crimes committed in England and Wales.
-
The UK Finance fraud figures for 2022 show that criminals stole £1.2 billion last year, equivalent to £2,300 every minute.
-
Losses from Authorised Push Payment Fraud – a type of scam where victims are manipulated by criminals, often through social engineering, into making payments to scammers – remain stubbornly high at £485.2 million, and unauthorised fraud losses were unchanged from last year at £726.9 million.
Further information can be found:
Stop Scams UK
Further help and advice around managing data breaches can be found in our Data Breach Best Practice Area.
What to do in the event of a Cyber Attack
Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body.
The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to:
- Action Fraud on 0300 123 2040, or the Action Fraud website
- the DfE sector cyber team at
This email address is being protected from spambots. You need JavaScript enabled to view it.
You may also need to report to:
- the NCSC website if the incident or attack causes long term school closure, the closure of more than one school, or serious financial damage
- the ICO website within 72 hours, where a high risk data breach has or may have occurred
- your cyber insurance provider (if you have one), such as risk protection arrangement (RPA)
- Jisc, if you are a part of a further education institution
You must act in accordance with:
- Action Fraud guidance for reporting fraud and cyber crime
- Academy Trust Handbook Part 6, if you are part of an academy trust
- ICO requirements for reporting personal data breaches
Police investigations may find out if any compromised data has been published or sold and identify the perpetrator.
m. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails toThis email address is being protected from spambots. You need JavaScript enabled to view it. . Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).