Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

This Intelligence Bulletin provides information

advertisement 
Cornwall Council Internal Audit Service
Schools’ Fraud Awareness Bulletin
July 2013
Cornwall Council receives intelligence related information and bulletins from
organisations (both national and local) providing information about possible
fraud risks or trends which may affect Council Services including schools.
Bulletins etc received recently have included a number of issues which may
be of relevance to schools and these are detailed below. We hope that you
will find the information to be beneficial. If you have any questions or would
like to seek advice on any fraud related matters, please do not hesitate to
contact Martin Curtis, Cornwall Council Fraud Area Manager on 01872
224291 or by emailing MLCurtis@cornwall.gov.uk
1. Beware of “Free” Internet Trials.
We are aware that some schools have been caught by a practice where they entered
into free internet trials and then forgot to cancel what is effectively a subscription
within the trial period. The schools were landed with significant bills.
In light of this, schools need to be aware of the importance of the timely cancellation
(as appropriate) of ‘free trials’ that they may sign up to over the internet, to ensure
they do not incur unexpected charges.
2. Unsolicited Bogus Invoice – SATS Test Online
Some schools in the Country have apparently received invoices for a year’s
subscription to SATs tests online in the sum of £99. Cheques were requested to be
made payable to ‘Backtrack Data UK’.
These invoices were effectively “proforma” invoices as they were marked “Please
ignore this subscription if you do not require it”.
If you receive one of these invoices, please, prior to passing it for payment, check to
ensure the subscription was actually requested.
3. Community Awareness Publication
Representatives from Community Initiatives Associates are reported as having
contacted a school suggesting they are from the Police and were focussing on road
safety awareness in the local area. It transpired that they were in fact selling
advertising space in the “Community Awareness Magazine”. See
http://www.communityinitiatives.co.uk/ for their website and further information.
Be careful when receiving any unsolicited calls – take time to research and ensure
that snap decisions are not made.
4. Misconduct Charge for Exeter City Council Employee
A former housing officer at Exeter City Council has been charged for allegedly
making and receiving unauthorised payments of £700,000 while he was an
employee.
The former employee is accused of nine charges linked to the alleged payments
claimed to have been made between October 2005 and January 2011. He is facing
several charges including theft, conspiracy to commit misconduct in public office and
fraud. Four other people, not employed by the local authority, are also facing
charges.
In view of the above please note that all payment procedures should have robust
internal controls in place to ensure that approved policies and procedures are being
adhered to by staff and are not being circumvented.
5. Unencrypted Laptops – Lost/Stolen
Over the last year Glasgow City Council had a series of data breaches, the latest of
which resulted in a fine from the Information Commissioner’s Office (ICO) of
£150,000 for the loss of two unencrypted and non-password protected laptops, which
contained information relating to 17,692 companies and 20,143 individuals.
The Information Commissioner’s Office recommends that any portable and mobile
devices e.g. laptops, USB sticks etc, used to store and transmit personal information
- the loss of which could cause damage or distress to individuals - should be
protected to the FIPs 140-2 encryption standard. If the information is compromised
and no action was taken to encrypt the data the Information Commissioner has
stated that regulatory action may be pursued.
Schools should therefore, have comprehensive and robust Information Management
and Information Security policies to ensure that all laptop/mobile devices are
appropriately encrypted, password protected and kept securely.
6. Computer Misuse
The Cornwall Council Computer Audit Team has undertaken a number of computer
forensic investigations within schools with regards to computer misuse. It is
imperative that each school has in place ICT Acceptable Usage polices for both staff
and pupils. As a minimum we would expect that all staff are asked to agree to abide
by the policy by signing and dating the Acceptable Usage Policy.
The Computer Audit team are equipped to undertake computer forensic
investigations. If there is any suspicion that inappropriate usage has occurred on a
school computer then please contact the Computer Audit Section (Donna Sutton
01872 322183) for advice on how to proceed. Please do not log onto the computer
and start your own investigation as this could alter the integrity of the evidence.
7. Mandate Fraud
We have been advised of several new mandate frauds in the last few weeks. We
therefore, recommend that you continue to be vigilant against such threats. It is
important that all requests relating to changes to banking details of
suppliers/creditors are robustly verified before any changes are applied.
8. Other Advertising Scams and Unsolicited Invoices.
We have been advised of a number of potentially suspect unsolicited advertising
invoices etc received by organisations, including schools e.g.
-----------------------------------------------------------------------------------------------
NB The invoice above was received by a school that did not place any order even
though the company has claimed to have a voice recording confirming the order.
9. Pressure Selling
We have been advised of a case where a council’s officers have been subject to
pressure selling and fraud by misrepresentation by the following advertising
companies, all of which are related subsidiaries of a company called Leisure
Information Services Ltd.
Representatives of the companies made false claims concerning their credentials to
the council officers and then attempted to pressurise junior officers into authorising
orders/contracts. Once it became clear what had happened the council concerned
subsequently took legal advice to void any orders/contracts.
The companies and subsidiaries involved were:
Environmental Project Services Ltd
Community Sport Ltd
Public Information Services Ltd
Area Health Information Services Ltd
Business and Community Services Ltd
Faces in Places Ltd
Community Development Services Ltd
10. X-Factor – Possible Scam
As a reminder we would like to mention again the possible scam reported in the
bulletin we sent out in June 2013.
A company claiming to be The X Factor is asking for schools to register their interest
to become involved with their annual charity single. Schools are invited to attend a
Christmas Recording taking place on 16th November 2013 at the ExCeL Centre
London. The company is requesting payment of £10.00 per person. Emails may
have come from info@xfactorchristmas.com, Communications Manager Jessica
Weller.
Essex County Council has informed us that they have contacted The X Factor and
ITV and have been advised by them that this is a scam. They confirmed to Essex
County Council that they would not approach schools in this manner and would not
ask for payment.
It is possible that other schools, for example those in Cornwall, could be targeted by
a similar scam and in light of this please remain vigilant.
If you have been contacted by The X Factor, received emails from the mentioned
email address, have had any dialogue with them or paid them any money we would
ask that you get in touch with Martin Fisher (Senior Trading Standards Officer) by
calling 01872 324362 or by emailing mfisher@cornwall.gov.uk
11. Bank Payment Error Form
The letter below requesting repayment of money was received by another
organisation and it has been confirmed that it did not originate from Santander Bank:
12. Row-X (www.row-x.com)
A rowing machine was ordered by a school in the South West of England but was
never received - several similar reports have also been made by other organisations.
It is believed that the business may be fictitious as the Police have a scrapyard
recorded as operating from the address.
Please always remember to remain vigilant and if you have any
suspicions of possible fraudulent activity being directed at schools, do
not hesitate to contact Internal Audit for advice/assistance.
NB the information detailed in this awareness bulletin should not be
made available to members of the public or other third parties.
Related documents
This Intelligence Bulletin provides information
This Intelligence Bulletin provides information
School Emergency Closures
School Emergency Closures
INTEGRATED SERVICES DESIGN LTD Environmental Policy
INTEGRATED SERVICES DESIGN LTD Environmental Policy
Jean Juneau - ataxingissue
Jean Juneau - ataxingissue
Using CommonKADS Method to Build Prototype System in
Using CommonKADS Method to Build Prototype System in
Introduction to your presentations
Introduction to your presentations
Appliances using mains electricity or batteries or both are identified &
Appliances using mains electricity or batteries or both are identified &
Action against fraud - Insurance Institute of India
Action against fraud - Insurance Institute of India
ENVIRONMENTAL POLICY – GLASS DIRECT
ENVIRONMENTAL POLICY – GLASS DIRECT
Download
advertisement