How to spot a phishing attack at your school


Today’s blog is from Lloyd Passingham, Arbor’s Senior DevSecOps Engineer. Before joining Arbor, Lloyd served in the military, bringing a unique perspective to his work in security. Passionate about safeguarding information and empowering others, Lloyd is dedicated to protecting Arbor’s data and fostering a strong culture of security both within the organisation and beyond.

Phishing attacks are a common way cybercriminals attempt to gain access to systems or steal sensitive information, with attacks against schools increasing year on year. These attacks disguise themselves as routine communications, such as incomplete attendance registers, payment issues, or even messages from your MIS. In a busy school environment, it’s easy to mistake a phishing email as a genuine request.

The best defence is learning how to identify phishing attempts. By educating yourself on what phishing looks like and how to report it, you can help keep your own and your school’s data safe.

Phishing is a method used by criminals to trick people into sharing sensitive information or clicking harmful links via fake emails, text messages, or phone calls. Their goals often include:

  • Stealing personal data like login credentials or sensitive information
  • Installing malware on devices to cause further damage
  • Manipulating victims into sending money

Attackers often impersonate trusted individuals or organisations, such as your headteacher, MIS provider, or even Ofsted, to make their messages seem legitimate.

Phishing tactics have become more sophisticated as criminals get smarter and use new tools like AI, making attacks harder to spot. Criminals now use convincing language and fewer grammatical errors to appear credible. Despite this, phishing emails often contain tell-tale signs. Watch for these red flags:

Urgency

Scammers try to quickly gain your trust. They aim to pressure you into acting without thinking. Messages that pressure you to act quickly (e.g., “respond immediately” or “within 24 hours”) often aim to bypass your critical thinking.

Authority

Is the message claiming to be from someone official, such as your headteacher, Ofsted, the DfE, or your MIS provider? Criminals often pretend to be important people or organisations to trick you into doing what they want.

Emotion

Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more by clicking on a link or downloading an attachment.

Current events

Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like census) to make their scam seem more relevant to you.

Questionable links or attachments

As a best practice, never click on any hyperlinks or download any attachments from emails you aren’t expecting. You can verify the validity of a link by hovering over the link without clicking and checking if the URL is consistent with what you’re expecting.
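As an added illustration (not code from the original post or from Arbor), the small Python checker below applies the same hover-and-compare test in code: given the site you expect a link to lead to, the text the email displays and the real target address, it reports the common ways the two can disagree. The domains mis.example and evil.test are placeholders, not real sites.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit


def link_host(url: str) -> str:
    """Return the hostname a browser would really connect to for `url`."""
    # urlsplit puts any "user:pass@" part in .username/.password and keeps only
    # the real server in .hostname, so "https://mis.example@evil.test/" -> "evil.test".
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower()


def check_link(expected_host: str, visible_text: str, href: str) -> list[str]:
    """Compare a link's real target with the site you expect; [] means consistent."""
    flags = []
    parts = urlsplit(href.strip())
    host = link_host(href)
    if parts.scheme.lower() != "https":
        flags.append(f"not https (scheme is {parts.scheme or 'missing'!r})")
    if parts.username is not None:
        # A trusted-looking name before '@' is ignored by the browser when it
        # chooses the server, so the address reads as one site but opens another.
        flags.append(f"'@' in address: real host is {host!r}, not {parts.username!r}")
    try:
        ip_address(host)
        flags.append(f"raw IP address {host!r} instead of a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    expected = expected_host.lower()
    if host != expected and not host.endswith("." + expected):
        # "mis.example.evil.test" begins with the expected name but ends with
        # "evil.test", which is the part that matters; this check catches that.
        flags.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    # If the displayed text itself looks like a web address, it must match the target.
    shown = visible_text.strip()
    if "://" in shown or shown.lower().startswith("www."):
        shown_host = link_host(shown if "://" in shown else "https://" + shown)
        if shown_host != host:
            flags.append(f"text shows {shown_host!r} but link goes to {host!r}")
    return flags


if __name__ == "__main__":
    # Constructed sample links: what the email shows versus where it really goes.
    for text, href in [("https://mis.example/", "https://mis.example/login"),
                       ("https://mis.example/", "https://mis.example.evil.test/login"),
                       ("https://mis.example/", "https://mis.example@evil.test/login"),
                       ("Review the register", "http://203.0.113.5/register")]:
        print(text, "->", href, check_link("mis.example", text, href) or "looks consistent")
```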

Unreasonable request

Are you being strongly compelled to follow a link, open an attachment, or submit credentials? Does the message warn of dire consequences if you fail to respond? Is this the kind of language the sender would normally use? These can be clues that someone is pretending to be someone they aren’t. If it seems unusual, trust your gut and report it to your security team right away.

If you have any doubts about a message, stop the conversation and think. Try to contact the organisation directly to verify. Don’t use any phone numbers or email addresses given to you – use the details from the official website or any contact details you have previously recorded. Any well-meaning person will understand that you’re trying to keep safe: verifying requests is a normal thing to do.

You can greatly reduce the impact of phishing attacks by enabling two-factor authentication (2FA). With 2FA, even if a criminal gains someone’s password, they won’t be able to access systems without the second layer of security (often a mobile phone or physical device).
For guidance on enabling 2FA in Arbor visit our Help Centre article: Setting up two-factor authentication for School and MAT MIS users 

Here are five steps to take if you suspect you have received a phishing email:

1. Avoid clicking links or downloading attachments

Opening a link might be enough to compromise your computer or take over any active login sessions you have. Attachments may contain malware that could damage your computer or spread through the network.

2. Don’t reply to the sender

Engaging with the email confirms your address is active, making you a future target.

3. Report the email, then delete

Notify your IT or security team through your school’s reporting process. They can investigate and warn others. Share details with colleagues to help them avoid falling for the same scam. Once confirmed as phishing, delete the email and empty your trash folder to prevent accidental exposure.

You can also forward suspicious emails that you think are a scam to the National Cyber Security Centre at report@phishing.gov.uk. For more information, click here.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud here.

4. Strengthen your security

  • Change your password immediately: ensure it’s unique and strong, and update it on any other systems where it was reused.
  • Enable two-factor authentication to strengthen account security.

5. Contact your IT Team

They’re there to help mitigate risks and secure systems if necessary.

Final thoughts

Phishing attacks are a persistent threat, but with the right precautions and a cautious mindset, you can help protect your school’s systems and sensitive information. Remember, it’s always better to verify than to assume. By reporting suspicious emails and encouraging others to do the same, you contribute to a safer and more secure environment for everyone.
