Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Department for Education Warns Over Coronavirus School Meal Scam

Parents have been warned about a phishing scam that appears to be from the Department for Education, offering free school meals due to the Coronavirus pandemic.  

According to the National Crime Agency, there have been over 500 coronavirus-related scams and over 2000 phishing emails reported since the outbreak, with cybercriminals seeking to exploit fears and steal bank details, usernames and passwords. 

The recent scam targets families entitled to free school meals with a phishing email stating, “As schools are closed, if you’re entitled to free school meals, please send your bank details and we’ll make sure you’re supported”. 

The email then encourages the recipient to enter their bank details into a spoof website which will harvest the unsuspecting victim’s financial information. With these details, fraudsters can then use the account for money laundering, spend the victim’s money, or convert their funds into an untraceable currency, such as Bitcoin. They will even sell the bank details on the dark web. 

According to researchers, the dark web is awash with such credentials, which are sold for profit. A study found that the details required to access Lloyds Bank accounts with balances of roughly £5,000 were on sale for as little as £400 each. 

The scam follows the announcement that schools would be able to provide meals, or vouchers for supermarkets and shops, to ensure that children who are entitled to free school dinners still received food during the closures.

Crooks will often take advantage of current affairs and announcements, as victims are often less likely to double-check a domain or other suspicious details when the communication is timely and relevant. 

Guidance from the Department for Education has urged parents to be wary of these scams and to only go through official channels. In a statement, the Department for Education said “We can confirm that this is a scam email and is not official. We urge parents that if you receive any emails like this, please do not respond, and delete it immediately.” 

Phishing messages have been one of the most popular tools in the cybercriminal arsenal for years. However, the uncertainty of the current COVID-19 crisis has provided a new opportunity for them to take advantage whilst our attention is elsewhere. As the number of coronavirus-related phishing emails continue to spread, there are a number of simple ways to stay safe. 

How to Stay Safe from Coronavirus Phishing Scams 

  • Never click on links or download attachments from unknown sources. 
  • Always take time to think about a request for your personal information, and whether the request is appropriate. 
  • Seek information from trusted sources. 
  • Pay close attention to the spelling of an email or web address in it. If there are any inconsistencies, delete it immediately. 
  • Ignore and delete emails with poor grammar and formatting. 
  • Question the validity of any email that asks you to submit personal or financial information. 
  • Be suspicious of emails or text messages that are threatening or urgent in tone. 
  • Install the latest anti-virus software solutions on all your devices. 
  • Use strong, unique passwords to reduce the chance of devices being hacked. 
  • Consider the use of a password manager to maintain the security of multiple accounts. 

Free Coronavirus Awareness Assets

In this time of uncertainty, MetaCompliance is committed to supporting organisations mitigate the risk of cyber threats.

To help communicate good cyber hygiene and vigilance, we have created a bank of free digital assets, which you can use to support your communications during this challenging time.

Click here to access your free awareness assets.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations