Important: School phishing attempt

Recently an Oxfordshire school contacted the IBC (Shared Services) to report a phishing attempt to access a teacher’s Employee Self-Service (ESS) account. 

The school had updated the email address of the employee in the IBC portal through ‘Manage personal email’. Fortunately, two parts of the process helped ensure this was a near miss and not a cyber breach.

1. Email addresses entered using ‘Manage personal email’ update overnight so a user can’t re-register with ESS immediately.

2. The employee received a notification that their email had been changed and reported to the school they hadn’t requested this. 

Always take time to check 

The school has given permission for the anonymised transcript (pdf, 43kb) to be shared, to remind all schools about the importance of making an independent check to establish the validity of any requests. 

The conversation between the fraudster and the school had some important clues that everyone should look out for. These are: changes in grammar, punctuation, the urgency of messages and taking place during the school day when the teacher would have been busy. 

Staying vigilant is key to staying ahead of potential cyber-attacks and keeping systems and data safe.