Phishing is a key weapon of cybercriminals, and here at N4L, we’re seeing a rise in the number of phishing emails being sent to schools.

Phishing, also known as email scams or email fraud, usually involves an email appearing to be from a reputable company or known person that tries to trick the recipient into revealing personal information, like a password or bank account details. This can enable cybercriminals to install malware or gain unauthorised access to systems to profit financially or steal data. 

In recent months, the team at N4L became aware of a targeted campaign of phishing emails impacting some New Zealand schools. The campaign began in December, ramped up in January and continued into March.

The most common method in these attacks has been to infiltrate a school’s email system and then use legitimate email addresses to send spam or phishing emails to users both inside the school and externally.

These types of phishing emails commonly feature a link to an invoice with a request to view it. If the link is clicked, the user will see a web page (commonly a Microsoft Forms or Mailchimp page) with further links to open the invoice document. These links then lead to a phishing site that looks like a Microsoft login page. If the user enters their login credentials, this can give malicious actors unauthorised access to their Microsoft account, or to whichever account's details they enter.

Microsoft log-ins are valuable because they enable cybercriminals to potentially access financial and administrative information including personally identifiable information. Once an attacker has access to an account, they might download files and emails or extract data including sensitive information about ākonga, kaiako and the wider school whānau. They can sign up to services, impersonate the school and damage its reputation online. And, of course, they can send more phishing emails, continuing the cycle.
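For IT support staff, the chain described above (an invoice lure linking to a Microsoft Forms or Mailchimp page, often sent from one of the school's own addresses) can be checked for in reported messages. The following is an added example, not N4L's detection logic; the hostnames, the `triage` function and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed hostnames for the intermediary pages the post names (Microsoft Forms,
# Mailchimp). Adjust to what appears in your own mail logs.
INTERMEDIARY_HOSTS = ("forms.office.com", "forms.microsoft.com", "mailchi.mp")
LURE = re.compile(r"\binvoice\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s<>\"')]+")

def body_text(msg):
    chunks = []  # every text part (plain or HTML) of the parsed message
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def is_intermediary(url):
    try:
        host = urlparse(url).hostname or ""
    except ValueError:  # malformed URL: treat as no match
        return False
    return any(host == h or host.endswith("." + h) for h in INTERMEDIARY_HOSTS)

def triage(raw_message, school_domain):
    """Check one raw message for the invoice-lure plus hosted-page pattern."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    links = [u for u in URL.findall(text) if is_intermediary(u)]
    return {
        "internal_sender": sender.endswith("@" + school_domain.lower()),
        "invoice_lure": bool(LURE.search(text)),
        "intermediary_links": links,
        "flag": bool(LURE.search(text)) and bool(links),
    }

# Constructed sample messages (not real campaign emails).
SAMPLE_SUSPECT = ("From: Accounts <accounts@exampleschool.example>\n"
                  "Subject: Invoice for your review\n\n"
                  "Please view the invoice:\nhttps://forms.office.com/r/EXAMPLE123\n")
SAMPLE_BENIGN = ("From: Office <office@exampleschool.example>\nSubject: Term dates\n\n"
                 "Dates are at https://exampleschool.example/dates\n")

if __name__ == "__main__":
    for raw in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(triage(raw, "exampleschool.example"))
```

A flagged message is a prompt for human review, not a verdict: legitimate forms and newsletters use the same hosting services.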

How Email Protection helped

N4L’s Email Protection added a layer of defence against the phishing emails, with the threat detection improving as this significant campaign progressed, to the point where 100% of emails were eventually being blocked before they entered inboxes. 

Where emails did enter inboxes, schools with Email Protection benefited from a faster, more efficient response from our Security team. When we identified a malicious link, we immediately blocked any further clicks on that link for all schools that had Email Protection. This rapid response, and the N4L Security team's identification of impacted users, was not possible for schools that did not have Email Protection.

It’s a team effort – what schools can do in response 

Attacks like these are alarming, but there is a lot your school can do to help lower risks and help educate the school community to not fall for these emails.

Ensuring everyone knows that the phishing campaign is circulating can help prevent these attacks, and we’ve recently posted guidance on some other actions schools can take. It’s also great to educate your school community on how to spot phishing emails and the dangers they pose – check out our previous blog and some wider advice on email threats, scams and spam.

If you click on a phishing link

Clicking on a phishing link can happen to anyone. If you or anyone at your school has noticed a phishing message or inadvertently clicked on a link, act quickly to minimise the damage:

  • Contact your IT support person or team and work with them to change your password as soon as possible.
  • Report the case to N4L so we can help protect your school and others from its impact, as well as provide guidance on what to do next.

Want Email Protection for your school? 

N4L’s Email Protection is fully funded for eligible schools and kura. Check out our video for an overview of how it works.

Get in touch on 0800 532 764 or email [email protected] – the team will be happy to help get you started.

Read more about how N4L helps schools and kura stay more secure online here
