
Counter Fraud Team alert: fake Office 365 link

The KCC Counter Fraud Team have been made aware of a fraud incident against one of the schools within the county.

A fraudster has managed to hack into a school's Business Manager's email account. They sent a fake Office 365 link requesting authentication and the staff member clicked on it, believing it was genuine. This triggered a multi-factor authentication prompt which the fraudster managed to use to gain access to the account. The fraudster then sent out numerous scam emails to other staff members, personal contacts, suppliers and pupils' parents.

A staff member who received one of the scam emails did the correct thing in contacting the Business Manager concerned to confirm. It was at this stage that the hack was identified. The school immediately took appropriate action to mitigate damage to those in receipt of the scam emails, IT closed down the hack, and all protections are now in place.

The attempted fraud was reported to KCC Counter Fraud Team at internal.audit@kent.gov.uk.

Actions

Ensure you don’t share your passwords, and do not use an easily guessed password, as fraudsters will do open-source checks, such as on social media, to find out information.

Whenever you get an email asking for any bank account payment details to be changed, whether from staff, contractors or suppliers, always check using the contact details you already have for that person or company.

If you notice that a received invoice is different or the payment details are not the same as those on record, check again with the sender that the information is correct.

A phone call is best because, if the subject's email or online accounts have been targeted, the fraudster may be monitoring them.

Also use a phone number you already have on record and not one that is contained within the email requesting the change, as the fraudster will control any phone number they email to you.

Criminals are experts at impersonating people, businesses and the police. They spend hours researching your business for their scams, hoping you will let your guard down for just a moment.

Remember

Stop: If you receive a request to make an urgent payment, change supplier bank details or provide financial information, take a moment to stop and think.

Challenge: Could it be fake? Verify all payments and supplier details directly with the company or individual on a known phone number or in person first.

Protect: Contact your business’ bank immediately if you think you’ve been scammed and report it to Action Fraud online or by calling 0300 123 2040.

Advice can be found on the Take Five website: