A phishing scam has been targeting schools this year. Liam Robinson, ANME member and network manager, has looked into this in detail and offers a way forward
At the end of January 2019, a wide range of phishing emails were sent to schools across the country – and continue to spread like wildfire. The scam works a little like this:
- User receives a phishing email, asking to ‘click here to display message’.
- User is redirected to a fake login page telling them their session has expired (or variation of).
- User logs in with email and password.
- The ‘hacker’ now has these credentials.
- The compromised email account is used to send emails to as many people on the contact list as possible, often replying to past emails with the same subject line, making the victim believe it is a legitimate email.
- The process is repeated and, due to the nature of schools, most users will collaborate with other schools. As a result, hundreds of schools are receiving these messages.
You never know what’s around the corner – but there are steps you can take to protect your school’s email accounts from future attacks and remove spam that has already made its way into users’ mailboxes.
Liam has put together a really helpful, step-by-step guide, with images, to take you through the process of dealing with this threat.