Dear Colleagues,

 

There are a number of wide-spread email phishing campaigns being distributed which we should all remain aware and vigilant of. Please disseminate this information immediately to all staff and governors. My thanks in anticipation.

 

What is a phishing email?

Phishing is an attempt by an attacker who will masquerade as a trustworthy entity/contact to acquire information.

Usually when such an email is received, the sender is reliant upon the recipient forwarding the email on or responding.

 

For example: a phish may generate an email posing as your Headteacher requesting that you click on a ‘secure link’ and input your username and password, or ‘pay an urgent invoice’ to gain access to the Academy bank details.

 

How to spot a phishing email:

 

Here are the most common signs of an email phishing attempt to watch for:

 

• The message may contain a mismatched URL / email address (when you hover on the URL, the email address will not be a trusted source)
• The URL may contain a misleading domain name (for example; ABC@KCSP.COM may appear as ABC@KSCP.COM
• The message may contain poor spelling and grammar or content that is not typically used by the person purporting to have sent the email;
• The message may ask for personal information (bank details / passwords);
• The contents of the email may seem too good to be true;
• You didn’t initiate the action (for example, you haven’t placed an order with that company / you haven’t participated in that competition);
• You are asked to send money or asked to pay an urgent invoice you are not aware of or is outside of normal process;
• The message contains threats, unrealistic or otherwise (if you do not respond then your contacts will be sent a message from you, or if you do not comply then your computer will be locked);
• Something just doesn’t look right (email signature / wording / request / content);

 

What should you do if you receive an email you are unsure of?

If you believe you have received a suspicious email – DO NOT FORWARD IT, DO NOT RESPOND.

Contact your IT administrator (EIS or similar), and notify the Data Protection Officerdpo@kcsp.org.uk

 

What can you do protect your Academy?

• Email addresses displayed on your Academy websites should be displayed as : nameATacademy.com rather than name@academy.com – this prevents web bots from crawling the website and harvesting email addresses for spam or phishing purposes.
• Remain vigilant and always check the email. If in doubt, call the sender to verify whether the email has been sent from a trustworthy source.

 

Ongoing Training

The Data Protection Officer is currently reviewing training for data leads and senior leaders, and a communication will be sent shortly. In the meantime, please ensure that all staff and governors remain aware and vigilant, some of our academies have received such emails.

 

Thank you and should this give rise to any queries, please do not hesitate to get in touch.

 

 

Michelle Boniface

Company Secretary and Data Protection Officer