Summertime Fraud Watch: 10 Ways to Stay Vigilant

#Business

Erin Werra

by Erin Werra

Erin Werra Edtech Thought Leader

Read time:

Beware these scams and learn what steps can help mitigate fraud in the business office.

Internal threats

1. Skimming cash before or after recording

Cold hard cash might sound like the way to go, but it presents a golden opportunity for fraudsters to intercept funds before they make it to the bank. Someone accepting cash may choose to give a receipt and then pocket all or some of the money before updating the ledger. They may even skip the receipt entirely. Without an accurate record, it’s easy for cash to walk out the door.

What to do: Move toward becoming a cashless school, monitor cash-heavy transactions closely (vending machines, admission to events, school stores), and require receipts.

2. Tampering with checks

Cashing personal checks out of school cash funds presents another opportunity to skim money. Someone with control of the school ledger may write a personal check for cash, then delay depositing the check and essentially enjoy a loan from the school funds.

What to do: Rely on more secure transactions and forbid cashing personal checks from school cash funds. Request copies of all checks from the bank to track and double-check.

3. Fake vendors

The truth is, what really hurts about internal threats is the trust broken. An ERP system is a vast tool and a huge responsibility, but also a clever way for people to take advantage. Dishonest people add vendors that don’t exist, link those accounts to their own, and pay themselves, all while mimicking legit vendor payments.

What to do: Similar to phishing emails, look for names that seem right but are off by a letter or digit.

4. Excess purchases

Occasionally people take advantage of their niche knowledge to fly under the radar of the school business office. When buying bulk items, they may add more than what they really need in order to use or pocket the difference for personal gain. Alternatively, they may “accidentally” purchase the wrong size or type of item, conveniently able to put it to use personally.

What to do: Require descriptions as well as part/inventory numbers, add layers of review/inventory, and open visibility to anyone at any time.

5. Payroll fraud

Examples include paying subs that didn’t work, allowing others to work on behalf of an employee, or creating sham roles in the district payroll for family members of school employees who don’t actually perform the work.

What to do: Perform a surprise audit, have an air-tight nepotism policy, and use data mining to compare payroll totals with hours worked.

External threats

1. Ransomware

Ransomware needs a way to get in, which can be achieved in a multitude of ways: phishing, sketchy websites, and even in-person delivery (more on that later).

What to do: Back up data, train people, and maintain constant vigilance.

2. Password stealing

Did you know even students are interested in cracking your data defenses? Whomever it might be, make it difficult to guess or acquire a password.

What to do: Try a passphrase, consider a password-changing policy, and use a trustworthy SSO.

3. Phishing

Phony emails are designed to trick folks into giving up information. Does your district have a phishing test strategy yet?

What to do: Don’t trust your inbox without verification! Know how to spot subtle hints—slightly off grammar, links that don’t go where they say they will, extra junk in email addresses. Go to the actual portal/application instead of using email links. NEVER give your credentials to anyone!

4. MFA fraud

We know, it’s exhausting to add additional verification steps. But it’s worth it to stay secure!

What to do: Train folks and update your MFA policies to include verification codes to combat MFA fatigue.

5. Tailgating

With school out for summer, it’s true that unfamiliar faces will come and go in the form of temporary employees, repair and maintenance, and other unusual crews. Don’t simply be a pal and hold the door open for a potential hacker/criminal.

What to do: Maintain building security and require verification that folks in the building need to be there. Don’t slack during the summer!