Cyber Attacks – Email Hacking

The Counter Fraud Team have received six referrals this week from schools that are being targeted by cyber criminals resulting in email accounts being hacked.

Cybercriminals are sending phishing emails to staff email accounts at the school. The emails could appear to have been sent from Microsoft or even from another school; however, the phishing attempts do change. The emails could appear genuine and require staff to enter their login credentials. The credentials are then harvested by the cybercriminal.

The cybercriminal will then use the credentials to log in. The majority of accounts will have two-factor authentication, so a request will be received by the member of staff to authenticate the login attempt. If this is accepted by the member of staff, the cybercriminal has access to the Microsoft Account, including emails and Microsoft Teams.

It has been reported in some instances that emails are then being sent by cybercriminals from the hacked email account to the school's finance staff requesting payment of an invoice. Because the email is sent from a genuine email account, this could lead to a financial loss to the schools.

The Counter Fraud Team are also aware of suppliers’ emails being hacked in this way, which has resulted in cybercriminals targeting schools and asking for payment of services or goods into a new bank account.

Schools should:

  • Be Aware - Ensure that staff are aware of Cyber Security risks, including phishing emails. Free training created by the National Cyber Security Centre for schools is available on the NCSC website.
  • Challenge - Staff should check emails to ensure they’re genuine, such as looking at who they have been sent from, and always challenge the type of request being sent: does it look right? Staff should remain vigilant and never enter their credentials after opening an email.
  • Stop - If a new request has been sent by a member of staff at the school or a supplier where a payment is required, or there has been a change of bank account, stop. Don’t respond over email; telephone them on the number you have saved to confirm whether the request was genuine.

If you suspect that a member of staff at school has fallen victim to a cyber-enabled crime, please refer to the Emergency Planning for Schools in Kent 2022/23 Edition, Pages 61 to 66, and report to internal.audit@kent.gov.uk or phone 03000 41 45 00.