Parents who have made payments to UK schools recently via the WisePay service have been told their card details have been compromised due to a hack of the WisePay website.
Around 300 schools have been affected by this scam, as the hacker was able to obtain payment details from between October 2 and 5 via a spoof page. According to the company, a page was modified during the attack so when users clicked to make a payment they were redirected to a legitimate-looking external page controlled by the hacker, from where card details were collected.
However according to WisePay only a small number of parents would have used the system before it was taken offline as the payments made through the site, such as for exam fees and school meals, are not made on a daily basis.
The attack occurred on a Friday night and was noticed the following Monday with the site taken down. It has since come back online with assurances it is now safe to use. WisePay have further advised it does not store any payment information and none of its records had been leaked. In a letter to schools, it has recommended that parents who may have been affected should pause or cancel their credit cards and change their online banking passwords.
Commenting on the news, David Emm, Principal Security Researcher at Kaspersky, said: “The news around school payment services being hit by a cyberattack is yet another reminder of how cybercriminals target all areas of our lives. With most schools now using these services for school meals, trips and other activities, it’s essential that providers conduct regular audits to identify and fix any security issues. Equally, parents using the service should take precautions to minimise the risk of falling victim to fraud on any site where they make purchases. Our advice for guardians would be as follows:
- Protect any device you use for online transactions with a proven security product, ideally one that includes features to secure online transactions, such as Kaspersky Security Cloud
- Apply updates to your operating system and applications as soon as they become available
- Only use official apps for mobile banking
- Only ever access sites by typing the address into your browser – never go to a website from a link in an email and then enter personal details
- Always ensure when transacting business online that the URL starts HTTPS (rather than just HTTP) and has the padlock icon
- Download Kaspersky Safe Kids to also protect your children online.”
WisePay is an online school payments service that allows parents and guardians to make cashless payments to schools and colleges. Beginning operations since 2007, payments for meals, sports activities, exams and any other student fees can be made through its site, facilitating over £500 million in payments by 2017.