jump to navigation

An international school’s encounter with internet pirates May 24, 2011

Posted by Alex, Managing Director in Conferences, International education.

While we were out in Istanbul at the ECIS Administrators’ Conference recently, we heard some disturbing news from the International School of Stavanger, Norway, that we wanted to share with as many people as possible.

Dr. Linda M. Duevel, Director of the school takes up the story...

Over the past several months, the International School of Stavanger has been challenged with a new and unpleasant phenomenon – being taken ‘virtual hostage’ by internet pirates.

We have learned some things along the way that may be of use to other school administrators. We do not seek sympathy by sharing the story, but rather seek to alert other schools that they are just as vulnerable as we were. Schools may wish to consider how they will react if the same thing happens. The bad news is while we are all vulnerable, there are few safeguards.

When hearing about our situation at the recent ECIS conference in Istanbul, John Catt Educational offered to send the information out to their mailing list in the hopes of reaching more administrators.

The scenario…

In February, 2011 we started getting some emails from candidates applying for non-existent ESL and English teaching jobs. They referred to having seeing ads on various ESL employment websites.

When I went onto one of these websites, sure enough there was a posting for an ESL job at our school starting in May 2011. The job would pay benefits including 1800 Euro per month and the advert suggested applicants write to an individual (who really does work here), referring to her as the ‘Recruitment Manager.’

Of course, the job was pure fiction. Probably the silliest part is the idea that we would be paying a Euro-based salary. The Norwegian Kroner is the only currency we use for salary payments. (However, that last piece of information is also what has led the police to believe that this mischief had been accomplished not by a disgruntled individual with a possible connection to the school, but was probably was a ‘phishing’ expedition.)

Things evolved when our innocent employee, whose name was being used, started getting email responses from unwitting candidates reacting to the long list of questions that she had supposedly sent them to reply to. The candidates found our employee’s real email address by going onto our website, to get in touch with the school after getting suspicious. But too often by the time they did that, they had already sent in their personal information to the fake email addresses.

The next surprise was to learn that our entire website had been cloned. A domain name was set up very similar to our own. The scammers then completely copied our website making changes ONLY to the ‘Employment’ section where again, the fake jobs were listed.

The object of the pirates is to extort money from unsuspecting candidates for the non-existent jobs at our school. After answering the questions and sending in personal details including passport copies, the candidates were requested first to send €900 for the first two months rent of the ‘accommodation’ our school would ostensibly provide – to be returned at ‘orientation’ – and another €470 for a Visa processing fee. (Remember – this is to a school in a country that does not use the Euro as its currency!)

Once that money was received, then they would ask for more, and then more: next for a ‘national medical card’; next for a local ‘teaching certificate’; and on and on. We know of individuals in Ireland, England and Australia who have sent in money.

One person told us she has sent in €6,500! She told us her husband had questioned her on whether the job could be a fake, but she was quite sure it wasn’t as she had multiple Skype conversations and an interview with me. The ‘other me’ described having a ‘problem’ with the Skype reception and so ‘my’ face couldn’t be seen.

While we know of how many have contacted us, we don’t know how many others may be out there packing their bags to move to Norway for ‘orientation’ at the end of May. We are aware that air tickets had been bought by several individuals believing that they had a job here.

All the requests for money came along with a fake contract with my ‘signature’, neither of which looked anything like the real thing – but how would the candidate know that?

The money was to be sent to a Western Union address in Spain, because… “Our finance department in Norway is currently busy so they can’t accept payments from selected candidates at the moment. That is why we have shifted that responsibility to our office in Spain…”

Again, this sounds like an implausible answer but apparently there are enough people out there willing to trust the answers to allow the pirates earn a living.

The result has been a huge amount of time sending kindly responses to over 100 ‘candidates’ who contact us in a bewildered, confused and angry state at what has happened when they have figured out how to get in touch with the real ISS. While they haven’t levelled those emotions at our school, they are understandably upset with themselves for falling for the trick.

I’ve found myself responding to stressed out individuals who have now sent along a lot of their personal details and documents to an email address that has nothing to do with us. Not surprisingly, they are concerned that they were duped and the shadow of identity theft now hangs over their heads.

And I can only respond to the ones who become sceptical and find out that there may be a problem and get in contact with us. We have no way of knowing how many others are out there that we have not heard from – perhaps they will walk through our door in late May when they are supposed to arrived for ‘orientation.’

It used to be that the internet scam emails we all have received were so implausible that it was simple to just hit the delete button. What I have learned through this process is the crooks are getting cleverer. Many of the ‘candidates’ that I have talked to are smart individuals who sincerely thought they were applying for a real job. From my perspective, I can see many red flags – but enough people applied to remind me that what seems apparent is not always the case.

My advice to you – talk to your own IT folks and see if there are additional safeguards you can take now. Should we have thought to buy up the domains for isstavanger.com, .net, .co.uk and .org before? No – there are so many combinations that it is a simple thing for someone dishonest to easily come up with a plausible name for your school website address. And opening fake email and Skype addresses is a very simple thing.

By all means, put a disclaimer on your website ‘Employment’ page warning applicants to beware of internet job scams. We have been gratified that some of the providers, including Skype, immediately shut down the fake accounts when we notified them, but new ones can easily be opened. And a number of the ESL employment websites have not heeded our requests to remove the fake advertisements.

We have been very pleased at how quickly and how seriously the police and the internet watchdog groups gave advice to our school. But unfortunately there is not a great deal they can do to stop the problem. In our case, we have traced the sources of the scam to three different continents. While the amount of money sent in to ‘our Spanish office’ is a sizable loss to the candidates, in the world of internet crime the amounts are small enough that the police can’t use their already overloaded resources to track them down.

In each of the cases where we know people have sent money in, they reported back to us that when they approached their local police the response was basically: “You sent personal documents and money to an internet scam. We are sorry, but we can’t help you beyond suggesting that you do not do it again.”

Why our school? I don’t know, and I doubt that we are the only school being singled out. If a school notices that it suddenly starts getting applicants for non-existent jobs, rather than just deleting the emails, you should do some investigation. After several months of hearing from many candidates the number has now quieted down to just a few each week. That is good for us, but just means that the criminals will migrate onto another school where they can set up another scam and try to soak more money out of more unsuspecting applicants.

While we can’t do much more here than what we have been doing, whatever can be done to keep other schools and unwitting candidates from being victimized, I believe, will be in the best interest of all international schools. If our experience here at the International School of Stavanger helps someone avoid the same issues, I will be very pleased.

Beware and good luck to all of us in avoiding this exceedingly nasty distraction from our real jobs of working with teaching and learning.

Please do share this story with colleagues in your own school and in your networking group. For the moment it seems, vigilance is the only defence.



1. Edutainment - May 26, 2011

A word to the wise; while it is important that this news is disseminated through the international school community, beware who widely it travels. You could be putting ideas in peoples’ heads!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: