ICT Services 4 Education

Phishing attack in Norfolk Schools

 

Following an incident this week which impacted a large number of schools/academies, this is to explain what happened and the steps to take if your account was compromised.

Some Norfolk schools have had their genuine email accounts compromised, and those accounts have been sending out phishing emails. The ones that we know about carry a PDF attachment called:

  • Confidential Document #Ref 2209
  • Secure Document #Ref 2209
  • FYI #2209
  • Confidential Document Ref #1103

 

These emails are not from the school. Please also be cautious about any other PDF documents you receive with similar titles, as the titles change frequently.

Please do not open the document. Simply delete the email, and make sure it is also deleted from your deleted items folder. If you have opened the document, do not enter the Microsoft credentials that it asks for: it takes you to a fake Microsoft website that captures your login details.

We have blocked the following URLs for schools that use Capita, Rydal and Schools Broadband with NCC support. If you have a different provider, we suggest that you/they block:

 

I have clicked on the link and logged in with my credentials:

If you have completed anything on the above links, please contact your IT support immediately to change your login credentials and follow the guidelines for reporting a phishing attack:

  • Report the incident to Action Fraud - https://www.actionfraud.police.uk/
  • Discuss with your Data Protection Officer (DPO) whether it needs to be reported to the Information Commissioner's Office (ICO) under GDPR guidelines.

Please also check the rules on your mailbox, as they may have been changed. We have seen email rules created to send financial information to a “Conversation History” folder, or to send all incoming emails to the Delete folder.
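For IT support, one way to run that rule check across many mailboxes, added here as an example and not part of the original advisory. It assumes each mailbox's rules have been exported to JSON (for instance from Exchange Online's Get-InboxRule) with keys named after that cmdlet's properties; the finance keyword list and the sample rules are constructed.

```python
import json

# Assumed input: a JSON export of inbox rules, keys as in Get-InboxRule output.
# Folder names are the ones the advisory reports, plus Outlook's "Deleted Items".
HIDING_FOLDERS = {"conversation history"}
DELETE_FOLDERS = {"deleted items", "delete"}
# Constructed keyword list; tune it to what your finance office receives.
FINANCE_WORDS = ("invoice", "payment", "bank", "remittance", "payroll")
TEXT_FIELDS = ("SubjectContainsWords", "BodyContainsWords",
               "SubjectOrBodyContainsWords")


def triage_rule(rule):
    """Return the reasons a rule matches the patterns in the advisory."""
    reasons = []
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    has_condition = any(rule.get(f) for f in TEXT_FIELDS + ("From",))
    discards = bool(rule.get("DeleteMessage")) or folder in DELETE_FOLDERS
    if discards and not has_condition:
        reasons.append("deletes all incoming mail")
    if folder in HIDING_FOLDERS:
        phrases = [p.lower() for f in TEXT_FIELDS for p in rule.get(f) or []]
        hits = sorted({p for p in phrases for w in FINANCE_WORDS if w in p})
        detail = f" (finance keywords: {', '.join(hits)})" if hits else ""
        reasons.append("moves mail to Conversation History" + detail)
    return reasons


def triage_mailbox(rules_json):
    """Map rule name -> reasons for each suspicious rule in a JSON export."""
    flagged = {}
    for rule in json.loads(rules_json):
        reasons = triage_rule(rule)
        if reasons:
            flagged[rule.get("Name", "<unnamed>")] = reasons
    return flagged

# Constructed sample export: two hostile rules and one ordinary one.
SAMPLE = json.dumps([
    {"Name": ".", "MoveToFolder": "Conversation History",
     "SubjectOrBodyContainsWords": ["Invoice", "bank details"]},
    {"Name": "..", "DeleteMessage": True},
    {"Name": "Newsletters", "MoveToFolder": "Newsletters",
     "From": ["news@example.org"]},
])

if __name__ == "__main__":
    for name, why in triage_mailbox(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Any rule this flags should be reviewed with the mailbox owner before it is removed, since a few users do set up delete-everything rules on shared or unused mailboxes.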

 

Other applications using the same credentials.

If your account has been compromised, and you use the same credentials for other applications (e.g. MIS, CPOMS, text systems), please arrange for these passwords to be changed immediately as well.

 

Free staff training available.

As a reminder, the National Cyber Security Centre offers free training for schools to raise awareness and help school staff manage some of the key cyber threats facing schools. More information about the training is available at https://www.ncsc.gov.uk/information/cyber-security-training-schools

