You need cookies enabled

HEFCE closed at the end of March 2018. The information on this website is historical and is no longer maintained.

Many of HEFCE's functions will be continued by the Office for Students, the new regulator of higher education in England, and Research England, the new council within UK Research and Innovation.

The HEFCE domain - - will continue to function until September 2018. At this point we will close the site entirely and all its information will only be available from the National Web Archive.


You need cookies enabled

Countering fraud in the sector

We work with universities, colleges, and sector bodies - including the British Universities Finance Directors Group (BUFDG) and Council of Higher Education Internal Auditors (CHEIA) - to raise fraud awareness and develop counter-fraud activities in the higher education (HE) sector.

This includes involvement with a BUFDG-led working group. HEFCE also maintains a dialogue with the Government and with the Student Loans Company in relation to counter-fraud arrangements in the sector.

Alert system

As part of this initiative BUFDG launched a fraud alert system for higher education institutions The fraud alert service will increase fraud awareness and help reduce losses to fraud by coordinating and sharing counter-fraud intelligence across the HE sector.

Institutions can find more information about this by downloading the information sheet from the BUFDG website, or by emailing the BUFDG office on

Fraud notifications

Higher education institutions will still need to notify HEFCE of instances of significant frauds as part of the accountability requirements under the memorandum of assurance and accountability (that is, to report all frauds of £25,000, or higher, in value).

Case studies reported by institutions

Ransomware attacks

We have become increasingly aware of ransomware attacks on higher education organisations. Ransomware is where an external party takes control of an organisation's computer systems, information and data through a computer virus or malware, and threatens to sell, destroy or withhold that data unless a ransom is paid.

The sums of money involved are usually relatively small (up to £1000) and denominated in bitcoins (an internet currency). Organisations across the world have been targeted. The criminal, who could also be anywhere in the world, relies on generating a high volume of these small payments.

We ask all higher education providers to be alert to this risk and ensure that their antivirus and antimalware software is regularly updated to mitigate risk. Providers subject to such an attack must respond in the best interests of their organisation. However, we do not condone the payment of a ransom as it can encourage further attacks on other organisations. 

Forged changes to suppliers' bank account details

We have been notified of a number of frauds and attempted frauds involving forged changes to suppliers' bank account details documentation. Examples have used headed supplier stationery, included the university's customer reference number and also been supposedly signed by the supplier's Director of Finance.

The sums of money involved have been quite significant and institutions from across the country have been targeted. Although we are not aware that the frauds are linked, a number have involved construction companies presumably because payments to such suppliers tend to be larger.

We ask all institutions to be alert to this fraud risk and briefly review the controls that they have over changes to supplier details, and ensure that mitigating action is taken where necessary to minimise any fraud risk (for example, by independently verifying with the supplier the change to supplier details before it is actioned).

Impersonating a university to obtain credit and goods

A university found that fraudsters were impersonating the institution to obtain credit and the supply of goods to non-university addresses. The fraudsters were approaching suppliers for credit and submitting bogus purchase orders (looking like official ones). If the supplier did not identify the fraud, they supplied goods on credit. The fraudsters are using a recently created email domain (based in Bermuda), which is similar to the university’s real one.

The university is so far aware of over 30 suppliers being targeted but only a few have supplied goods and presented invoices to the university. The invoices were successfully intercepted and no payments were made, however given the volume of transactions processed every day there are potentially some risks. The scale of the operation is not known and it may be wider than has been detected so far. The university informed other institutions, in particular those where similar domain names appear to have been registered.

Tuition fees paid by students to third parties

During enrolment at the start of the  academic year, a small number of international students enrolled at a university, explaining that they had paid their fees in full. The university found, on investigating, that they could find no record of the payments. The university asked the students for more information. This revealed that, contrary to procedure, the students had paid their fees to an unrelated third party, rather than through the university’s online payment system. The third party subsequently stopped trading and the university commenced legal action to help the students recover their money.

Collusion to misrepresent travel expenses

A fraud was identified involving several staff members at an institution and a number of staff at the institution's travel supplier. This involved collusion to misrepresent business class travel (flights) as economy class travel on a research contract. The costs to the institution is expected to be round £25,000, representing the difference between the business and economy class costs that cannot be reimbursed through the contract. One member of the institution's staff resigned and an investigation was undertaken.

Tuition fee payment using stolen credit cards

An institution reported that a range of stolen credit cards were being used to pay students debts. The financial impact identified to date was around £23,000. Initial investigations suggest that this fraudulent scheme was being 'sold' to students and the police were investigating on this basis. The institution believed that the network of students being sold this scheme (if confirmed by the investigation) could extend beyond the reporting institution.

Diversion of supplier payments by staff member

An institution reported that approximately £570,000 was fraudulently obtained by a member of the Finance Office from the time when the individual joined the institution. Payments from suppliers were diverted into an account controlled by the staff member. The fraud was identified when the individual's bank became suspicious and notified the police. The staff member had recently left the institution and has since been arrested by the police.

Tuition fee fraud attempt

An institution reported the possible loss of up to £40,000. This arose from a number of students who attempted to pay part of their tuition fees using a variety of credit and debit cards which did not belong to them. The possible fraud was identified on rejection of the transactions by the card agent. The students themselves may have been victims of a fraud in which they were offered a discounted fee rate by an intermediary who then paid the 'discounted fee' to the institution on behalf of the student, with the student reimbursing the intermediary. The fee paid by the intermediary may have been made using stolen credit cards.

Misappropriation of cash payments for car parking

An institution reported the loss of approximately £120,000 from cash takings in relation to the public use of the institution's car parking facilities in the evenings and at weekends. The fraud was identified following installation of covert cameras in response to suspicions about cash handling in relation to these car parking facilities. Two staff members were dismissed by the institution and the police subsequently arrested and charged both individuals.

Printing and reprographics - overcharging for services

The institution reported a suspected fraud (potentially in excess of £1 million) in the printing and reprographics services over a seven year period. This related to overcharging for printing and paper supply by an outsourced service provider and other related matters. Internal audit have investigated the matter and the institution's audit committee has discussed the resulting report and have resolved to refer the matter to the police.

Conference payment

An institution received £60,850 in respect of a conference which did not go ahead, for which the quoted price was £26,350 plus VAT. A refund of £60,850 was made to a bank account in Abu Dhabi, after which it was discovered that the income came by a cheque which bounced.

Payments for services and equipment not delivered

A breach of trust involving a senior manager at an institution was reported. The fraud involved inappropriate payments to a consultancy owned by the senior manager and the employment of family members. The institution recovered the circa £300,000 that was involved and the senior manager was been dismissed.

Payments for equipment not delivered

A fraud was notified involving payments for IT equipment that was never delivered. While some irregularity had been identified and a member of staff dismissed, the full scale was not discovered until a few months after and totalled approximately £450,000.

Fraudulent claim for student finance support

The Student Loans Company (SLC) identified a suspicious pattern of applications for student finance support. Upon further investigation it transpired that an individual had made multiple claims for student support totalling £32,000 while allegedly attending two higher education institutions. Although the individual was creative in his fraudulent activities, the conduit to these frauds was the institutions' failure to notify the SLC of non-attendance in a timely manner. The individual enrolled on six different courses over a period of four years, but never attended any of them. Criminal proceedings were taken against the individual who was subsequently sentenced to serve three years.

Misuse of funds for expenses and overseas travel

A higher education institution identified that the leader of a project using grant funding (non-HEFCE), had misused approximately £15,000 of the funds for their personal benefit through expenses and overseas travel claims. The university enacted their fraud response plan, by carrying out a full investigation with frequent reporting to their audit committee and their internal and external auditors.

Private use of university equipment

A university discovered staff who were conducting private work with university-owned laboratories, equipment and consumables. An individual at the university was preparing scientific samples for outside organisations and invoicing the organisations personally. The individual also appears to have paid other staff in cash to assist.

The matter was identified when an outside body made a BACS payment to the university which could not be matched to an invoice. The investigation has identified a trail of evidence going back to 1988 and approximately £76,000 in total. There is no evidence that funds were misappropriated from university bank accounts.

Theft of cash

A university reported that approximately £43,000 has been taken from the cash of the front of house sales of its theatre. This arose due to failures in the cash handling process. Two members of staff were dismissed for gross negligence and the university notified the police.

Use of funds for personal expenditure

A university reported collusion between senior staff in a small academic unit that enabled approximately £33,000 of institution funds to be claimed in respect of personal expenditure by a member of staff. The institution dismissed one member of staff and another resigned. The university reviewed control arrangements in the small number of similar sized units at the institution and guidance on the use of discretionary funds.

Consultancy payments

A university reported a fraud that related to consultancy payments. A form was presented for payment but payroll staff were suspicious because of the size of the payment and the lack of details were provided about the nature of the work. The approver confirmed that his signature had been forged. A review of other payments to the same 'consultant' revealed 34 small payments over four years totalling £107,000. The university identified the person responsible from a log that recorded who had been issued the batch of payment forms.

Funds for foreign students

A university recruited students from Nigeria who were to be sponsored by one of the country's regional governments. An agent was involved but the agreements were clear that the agent was not to be involved in the financial aspects of the relationship. In the event the regional government chose to pay the agent who then passed on funds to the university. Although the first instalment was made without incident, the agent directed the second stream of funding back to Nigeria to support the regional governor's personal political aspirations. The state government would not pay the university (having paid the agent) and the agent, despite many promises to do so, did not make any further payments to the university.

Unsupported cash withdrawals

A university reported a senior member of staff made cash withdrawals which could not be supported by appropriately authorised documentation. The member of staff was dismissed following a disciplinary procedure. The university commissioned internal audit to investigate this matter to determine how these issues arose.

Fake award certificates

A university informed us of a police investigation into an ex-member of staff who had also worked at another university accused of issuing fake award certificates in return for favours. The Head of Internal Audit conducted a full investigation and controls have been improved. No evidence of any financial loss or erroneous data entries was found. The ex-employee had already been dismissed from the university in relation to an unrelated disciplinary matter. The defendant was found guilty.

Diversion of payments

The Director of an Institute informed HEFCE that they had uncovered a fraud whereby a person had issued invoices containing private bank account details for payment. This was identified through normal credit control procedures. The value of the fraud is believed to be around £70, 000. The staff member resigned and the police investigated. Internal Audit carried out a review of the controls.

Application for finance

An application for loan finance, supposedly for the purchase of printers, was made in the institution's name by persons unconnected with the institution. The signature of the head of the institution had been forged and the institution's logo had been used on the application. This was identified when the finance company contacted the institution, and before any payments had been made. The matter is being dealt with by police.

Theft of cash and cheques

Approximately £900 in cash and cheques from the sale of CDs at a jazz summer school was stolen. Internal audit investigation established that there had been inadequate controls in place, and the person responsible for this resigned. The police were informed.

Misdirected research funds

£25,000 of research funds were incorrectly paid to an academic staff member of a university. When this was detected and pointed out, the funds were returned. Internal audit investigated this. Dishonest intent was not established.

Altered cheques

An employee of a university subsidiary company intercepted cheques made out to the company and altered them to become payable to himself. Internal audit investigated this and the police were informed. The employee was dismissed, charged and convicted. Losses were estimated at £45,000. Fraud controls have since been updated.

Goods obtained at university's expense then sold on

A member of a university's staff ordered low-value electronic goods through the university's procurement system then sold them on eBay, pocketing the proceeds. Internal audit investigated and the police were informed. It was established that the fraud had gone on for seven years and losses were estimated at between £150,000 and £225,000. An insurance claim was lodged. The member of staff was dismissed and charged. Procedures were tightened up.

Bogus invoices from an overseas intermediary

A university received bogus invoices from a Kuwait intermediary. Two invoices, totalling between £20,000 and £50,000, were paid before the university realised. The university managed the situation and employed an investigative company (Control Risks) to pursue the matter.

Cloned cheques

A bank reconciliation revealed six cloned cheques charged to a university bank account and overall 13 such cheques, totalling £65,000, had been passed. The bank (NatWest) reimbursed the university. This was reported to the police.

Collusion to defraud

Two external organisations colluded to defraud a university. This was identified and prevented. The police were informed.

False charges raised and intercepted

Over a four year period an employee in a university department raised false charges for medical sample analysis and took the money. The department transferred to the NHS and the NHS Counter Fraud Service and the university's internal auditors investigated the matter.

Collusive tendering and overcharging for building work

A university maintenance officer took advantage of poor controls and ignored procedures over a number of years, allowing a small local building firm to repeatedly win tenders for small capital works. The unsuccessful tenderers were the same on each occasion, and were either fictitious or acting in collusion. Internal audit discovered and investigated this and the police and Office of Fair Trading were informed. Overcharging was estimated at £87,000 for recent work, with a possible total of £900,000 overcharged for work carried out. Action was taken against the university employee.

Bogus research grant

A principal investigator (PI) obtained a research grant from a charity. Salaries, travel and other expenses were paid by the university, and charged against the research grant. The initial instalment of grant was paid over to the university, but subsequent ones were not, delaying tactics being employed in response to queries. Eventually credit controllers alerted management, the research project was cancelled, and the relevant research staff made redundant. On investigation it emerged that the charity was bogus and the PI appeared to be linked with the charity. Approximately £125,000 was misappropriated.

Telephone account hijacked

A university telephone system was hacked into, from or via an overseas location, and used to make 8,000 international calls over a seven-week period, before the university were alerted to the unusual call pattern. The system loophole was fixed. The university recovered losses of £145,000 through insurance and the telephone service supplier.

Irregular payroll payments

A temporary staff member in a university payroll department, acquired via a staff agency, made a number of irregular payments. Upon discovery and investigation, it emerged that the references, and probably also the identity of the temporary staff member - who had left - were fake. Losses were estimated at £10,500.


The Chief Executive, and the book keeper, of a university subsidiary company colluded to make bogus patent charges and to divert patent fees amounting to £8 million over a period of 12 years when this was discovered. £2 million of this may be recoverable.


Page last updated 1 June 2016