Can you spot a Scam Email?

With the ever-increasing use of digital and online resources, schools are more at risk than ever of falling victim to online scams and system hacks.

One of the key cyber risks for schools is scam emails being received and opened by staff. Scam emails can place your school’s system at risk of privacy and data breaches, system downtime and significant financial cost.

Scam emails – what are they?

Scam emails are unsolicited emails sent by cyber criminals that typically claim to be from a trusted organisation. They either include links to malicious software designed to infiltrate a computer system or network, or request that the recipient provide sensitive information that enables fraudulent access to financial and other services.

They are designed to entice the recipient to click a link or provide details that enable cyber crimes to be committed.

How to spot them

Cyber criminals are making scam emails more and more sophisticated and therefore harder to spot, so it is important that you educate your staff and students about the risks associated with scam emails to ensure they are able to identify them and respond appropriately.

You should train your staff to look out for these signs if an email seems suspicious.

  1. The sender’s email address. The email address of the sender should match the organisation they are purportedly representing and the contents of the email.
  2. Non-personalised addressee. Mass emails sent to thousands of people by scammers won’t be personally addressed to the recipient. If the email isn’t personally addressed, this may be a red flag.
  3. Recipient asked to provide personal information. A government agency or large organisation will never ask a person to provide personal information by text or email. Any email which requests the provision of personal information should be treated with a high level of caution. If the recipient is in doubt about the legitimacy of the email, they should call the company to verify.
  4. Inconsistencies in language, messaging and font. If an email reads with different tenses and/or has inconsistent fonts, this may be a red flag for a scam email.
  5. URL links not to sender’s website. If there is a URL link in an email, hover your cursor over it. If it does not match the sender’s details (i.e. if it does not look like it will take the reader to the sender’s website), it should not be clicked on without further verification.
  6. Misspelled key content. Check email addresses, company names and core content. Keep an eye out for subtle misspellings!
  7. Language that creates a sense of urgency. Scammers will commonly try to create a sense of urgency in readers to get them to click without thinking.
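
The checklist above, applied mechanically to one message, as an added example that is not part of the original article. The sample email, its domain names and the keyword lists are constructed, and `expected_domain` is an assumption: the real domain of the organisation the email claims to come from. Heuristics this simple are an aid for training and triage, and a carefully written scam can pass all of them.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.example>
To: staff@school.example
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Dear customer,</p>
<p>Your account will be suspended. Confirm your password immediately:</p>
<a href="http://login.account-check.example/verify">https://www.examplebank.example</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every <a> tag, not the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw, expected_domain):
    """Return the checklist signs found in a single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if sender_domain != expected_domain:
        flags.append("sender_domain_mismatch")        # sign 1 (and 6)
    if re.search(r"dear (customer|user|sir|madam|member)", body, re.I):
        flags.append("generic_greeting")              # sign 2
    if re.search(r"\b(password|pin|bank details|date of birth)\b", body, re.I):
        flags.append("asks_for_personal_info")        # sign 3
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            flags.append("link_not_to_sender_site")   # sign 5
            break
    text = msg["Subject"] + " " + body
    if re.search(r"\b(urgent|immediately|within \d+ hours|suspended)\b", text, re.I):
        flags.append("urgency")                       # sign 7
    return flags
```

Calling `red_flags(SAMPLE, "examplebank.example")` reports all five signs; note that the link check reads the `href`, which is what hovering over the link reveals, rather than the text the reader sees.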

Steps to protect your school

The approach to cyber security, including managing scam emails, needs to be multi-pronged. Below are some steps and considerations that your school should enact to protect itself from cyber crime risks.
  1. Critically review and analyse the implementation and use of current and new IT systems, to make sure they meet the safety requirements expected of your school.
  2. Install and use only reputable software programs and security programs.
  3. Update your software regularly. Software developers and providers are constantly updating their products to protect against cyber risks. Maintaining out-of-date software creates greater risk for your school. Accordingly, you should register for notifications about software updates and ensure those updates are installed.
  4. Implement multi-factor authentication where possible. Devices and systems hosting sensitive information should be protected by multi-factor authentication where possible.
  5. Use a Domain Name System (DNS) web-based filtering service to block high-risk websites.
  6. Have a documented policy and procedure for the creation of strong passwords that are changed regularly, and for restricted use of removable media such as USB sticks, DVDs, CDs and memory cards.
  7. Ensure your school maintains an appropriate Incident Response Plan that can be put into action in the event of a cyber crime event to minimise and mitigate the damage that can occur.
  8. Provide regular training to staff on:
    1. Cyber safety, including scam emails and security of information;
    2. The proper use of IT systems in your school;
    3. The school’s incident response plan.
We have previously written about the importance of incident response plans when it comes to data management and breaches. You can access the article here.

How can Brennan Law Partners assist?

Remember, cyber security is not just an IT issue. It is an essential part of your whole school operations and every person at your school has a role in preventing cyber-crime. The concept of cyber security must be built into all of your school’s practices and involve all the people at your school.

If you suspect that a cyber security breach has occurred and require assistance to respond, contact us immediately.

We can help you prepare an Incident Response Plan to ensure that you are positioned to respond appropriately should an unfortunate breach occur. We also provide onsite staff seminars on cyber risk, as well as other topics of interest.

If you have any questions regarding any information in this BLP Brief, we welcome you to contact us at any time.
This is meant as a guide only and should not be taken as legal advice.
