Phishing email warning for schools

Posted  30th January 2018

We have had reports of school staff receiving phishing emails from senders posing as colleagues.

What activity has been reported?

  • A member of staff (such as the School Business Manager) receives an email with a request to process a "Faster Payment" to a new beneficiary, with 'Payee details attached'.
  • The sender's email address could appear very similar to a school's website domain with a slightly different version of the username. For example would appear as
  • In a similar scenario, the school can receive an email from 'headteachername', at a domain not related to the school email address, such as
  • The email asks the member of staff about their availability to make a payment
  • The email contains 'Payee details attached'
  • The member of staff may receive an email from a different domain asking that they transfer a sum of money to a new bank account number and sort code provided

What should schools do?

  • Be vigilant about emails from unknown sources that request payments
  • Double check the email address of emails received asking for payments, especially the username
  • Only share email addresses with trusted sources
  • Do not open any files attached to an email unless you know what it is and who it is from
  • Update your anti-virus software regularly
  • Be prepared. Back up school files offsite on a regular basis

This should be treated as a serious security threat as schools can lose thousands of pounds.
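
The sender-address check described above can also be run automatically when triaging incoming mail. The following Python code is an added example, not part of the original advisory; the school domain, staff usernames, keyword list and 0.8 similarity threshold are assumptions, and the sample messages are constructed.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

SCHOOL_DOMAIN = "oakfield-primary.example"   # assumption: the school's real mail domain
STAFF_USERS = {"j.smith", "office"}          # assumption: genuine mailbox usernames
PAYMENT_TERMS = ("faster payment", "payee details", "new beneficiary",
                 "sort code", "bank account")

def close(a, b, threshold=0.8):
    """True when two strings differ but are nearly identical."""
    return a != b and SequenceMatcher(None, a, b).ratio() >= threshold

def review_email(from_header, subject, body):
    """Return the reasons a message should be verified before any payment."""
    flags = []
    _, address = parseaddr(from_header)
    user, _, domain = address.lower().rpartition("@")
    resembles_staff = user in STAFF_USERS or any(close(user, u) for u in STAFF_USERS)

    if domain == SCHOOL_DOMAIN:
        # Right domain, but the username is a slight variant of a real one.
        if user not in STAFF_USERS and resembles_staff:
            flags.append("username resembles a colleague's")
    else:
        if close(domain, SCHOOL_DOMAIN):
            flags.append("domain resembles the school's")
        if resembles_staff:
            flags.append("colleague's name on a non-school domain")

    text = f"{subject}\n{body}".lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("payment request")
    return flags

# Constructed sample messages (not real addresses or real emails).
SAMPLES = [
    ("Head Teacher <jsmith@oakfield-prlmary.example>", "Faster Payment",
     "Are you available to make a payment? Payee details attached."),
    ("J Smith <j.smith@webmail.test>", "Quick task",
     "Please transfer the sum to the new bank account and sort code below."),
    ("Office <office@oakfield-primary.example>", "Term dates",
     "Updated term dates for next year."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", review_email(sender, subject, body) or "no flags")
```

A flagged message is a prompt to confirm the request with the colleague through a known phone number or in person, not proof of fraud.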

More information and additional resources

This development follows on from our blogs in previous years about schools receiving Vishing (‘Voice phishing’) phone calls from fraudsters posing as ‘Department of Education’ officials. Please be aware that school staff are receiving phishing emails posing as headteachers that request payment transfers.
  • Sophos Phishy Flowchart
  • Sophos Anti-Phishing Toolkit Guide

Keeping up-to-date with SBS news

We will keep you informed of any developments and advice. You can also follow our Twitter feed for regular updates. For more information, please see our previous guidance on phishing email scams.

If you are unsure, require more information or are concerned that you have been targeted by fraudulent emails, contact us on 0345 222 1551 • Option 1 (existing ICT customers) or 0345 222 1551 • Option 5 (non-ICT customers).