Over the past 24 hours our school emails have been part of a malicious attack in the form of phishing. The original email seems to have made its way through our systems via another school who have recently been affected with this threat in the same way as we have experienced as many schools across the country have been affected.
The threat manifests itself as an email such as that shown below with a green button saying ‘display message’ or a randomised link, the spam emails are pretty sophisticated as they seem to use email subjects from our sent items to appear as genuine emails. The link is dangerous and contributes to the spread of the scam.
What happens if I have clicked on ‘display message’ and what is Phishing?
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and potentially credit card information by disguising itself as a trustworthy source. If you have clicked on ‘display message’ you will see that it will take you to an login page to log into your emails. If you have entered your email details here then these will be saved by the scammer and used unlawfully. In this particular incident, it will forward any previously sent items to the original recipient with this link. Please change your password immediately if you think you have entered your details at this stage. There does not appear to be any malicious payload associated with this exploit, it just harvests email addresses.
Stay safe, if it doesn’t look right then don’t click it – as a rule we would never send correspondence to you with a link to sign into your emails.
Apologies for any inconvenience caused.