Best Practice Update

Hacker wearing an orange hoodie leaning over a laptop with money raining down behind on a blue background.  Data Protection Education logo on the right hand side

If you suspect a financial scam .....

If you think someone is trying to trick you into handing over money, personal details or a change of salary information........ there is a way to report this with Stop Scams UK.
We have worked with a number of organisations that have been scammed into changing bank details and so parting with large amounts of money.  Often someone in that organisation initially received a phishing email to harvest indentity information.  The relevant HR/Finance officer is then contacted by the hacker posing as the individual (or third party supplier) asking for a change in bank details.  Often the HR/Finance officer will do some checks which might still result in a transfer of funds.  Sometimes the HR/Finance officer believes they have spoken/checked with the bank.  Stop Scams UK have a phone service which advises if you think you are on such a call to stop, hang up and dial 159 to speak directly to your bank.

159 is a secure number that connects you directly to your bank if you think you are being scammed. It works the same way as 101 for the police or 111 for the NHS.

159 will never call you. Only a fraudster will object to you calling 159.

When should I call 159?
  •  Someone contacts you saying they are from your bank - even if they are not suspicious.
  •  You receive a call asking you to transfer money or make a payment - even if it seems genuine.
  •  You receive a call asking you to transfer money or make a payment.
  •  You receive a call about a financial matter and it seems suspicious.
Stop Scams UK has full support from key sector regulators including Ofcom, the Financial Conduct Authority and the Information Commissioner’s Office.

We are in the middle of a scams emergency. Scams cause harm and distress to consumers and undermine trust in businesses and economic activity and are all too prevalent. Both industry and government have struggled to respond to the growth in scams, not least because of the speed with which they have evolved.

  • Fraud is the most commonly experienced crime in the UK (the Crime Survey for England and Wales year ending December 2022).

  • We are twice as likely to be a victim of scamming than any other crime. The Office for National Statistics’ Crime Survey for the year to March 2023 reported that fraud accounts for 41% of all crimes committed in England and Wales. 

  • The UK Finance fraud figures for 2022 show that criminals stole £1.2 billion last year, equivalent to £2,300 every minute.

  • Losses from Authorised Push Payment Fraud – a type of scam where victims are manipulated by criminals, often through social engineering, into making payments to scammers – remain stubbornly high at £485.2 million, and unauthorised fraud losses were unchanged from last year at £726.9 million.

    Further information can be found:
    Stop Scams UK

    Further help and advice around managing data breaches can be found in our Data Breach Best Practice Area.

    What to do in the event of a Cyber Attack 

    Tell someone!  Report to IT. Report to SLT.

    Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT 

    If you are a victim of a ransomware attack we would recommend reporting this to:
    Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.

    Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email This email address is being protected from spambots. You need JavaScript enabled to view it..

    These incidents should also be reported to the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it..

    Academy trusts have to report these attacks to ESFA.

    Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.

    Always ensure there are backups you can restore from.  Preserving evidence is as important as recovering from the crime.

    Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

    Little Guide to ACTION FRAUD

Search