Something smells Phishy

More and more commonly, those annoying emails requesting our personal details keep finding their way into our inbox. This is called phishing. Email scams are now alarmingly sophisticated, personalised and as a result, much more dangerous. Hackers are taking the time to craft messages tailored to a single recipient, meaning that even experienced users can be fooled. The email is intended to trick you into entering personal information like usernames or passwords by containing a link which takes you to a website. The fraudster can use these details to send out harmful emails such as a bank account change to the ESFA resulting in funds being sent to the fraudsters’ bank account.

With the growing emphasis on keeping sensitive information, it is more important than ever not to be caught out by hackers. Academies are not exempt from these emails and recently there have been several cyber-attacks that have targeted education providers resulting in financial losses.

Below are some tips to look out for when receiving a suspicious email;

  1. Legitimate Organisations don’t request sensitive information – Most companies will not request information such as passwords, bank details, references over email. This is an immediate red flag that the email may be suspicious.
  2. Legitimate Organisations are more likely to call you by your name – Phishing emails often call the recipient not by their name but by a generic title, perhaps something like ‘Dear Valued Customer or Dear Account Holder’. If the company doesn’t know your name, it is likely that it is suspicious.
  3. Legitimate Organisations have domain emails – This is often the biggest teller when rooting out cyber-attacks. When looking at the address the email has been sent from it is often an unusual domain name or potentially the expected address with 1 or 2 spelling mistakes. Always check this and check that the email address matches that of the usually trusted company.
  4. Legitimate Organisations don’t send unsolicited attachments – Typically, trusted companies don’t send random attachments with instructions on the email it is attached to. A trusted company will direct you to download the documents on their website.

Following the above tips should ensure that you are not caught out by these hackers. Further to this, from an education perspective if you do receive any that are education specific then we would advise you to contact Fraud.REPORTS@education.gov.uk and inform them of the suspicious email.