Schools and trusts are continuing to face a growing number of cyber threats, with phishing emails remaining one of the most common and effective attack methods used by cybercriminals.
We are currently seeing an ongoing phishing campaign specifically targeting education staff. These emails are designed to appear legitimate and often reference secure messaging platforms such as Egress in an attempt to gain trust and encourage recipients to interact with malicious links.
As phishing attacks become increasingly sophisticated, it is essential that schools and trusts remain vigilant and ensure staff know how to identify and respond to suspicious emails.
What Does the Current Phishing Email Campaign Look Like?
The phishing email typically claims that the recipient has received a “secure email” and prompts them to open or access the message via a link or verification process.
Because many organisations across the education sector use secure email platforms for legitimate communication, these emails can appear convincing at first glance. Attackers often imitate trusted organisations, branding, and formatting to make the message look authentic.
The aim is simple: persuade the recipient to click a malicious link, download harmful content, or enter login credentials and verification codes.
Why Schools Are Being Targeted
Schools and trusts manage large volumes of sensitive information, including:
- Pupil and staff records
- Financial and payroll data
- Safeguarding information
- Access to cloud systems and shared platforms
Cybercriminals know that education environments are busy, fast-moving, and highly collaborative, making them attractive targets for phishing campaigns.
A single compromised account can potentially provide attackers with access to wider systems, confidential data, or additional users within the organisation.
Signs an Email May Be a Phishing Attempt
While phishing emails are becoming more convincing, there are still several warning signs staff should look out for:
- Unexpected Secure Email Notifications: If you were not expecting a secure message, treat the email with caution.
- Suspicious Links or Attachments: Avoid clicking links or downloading attachments unless you are completely certain the message is genuine.
- Requests for Login Details or Verification Codes: Legitimate organisations should never pressure users into urgently providing passwords or authentication codes via email.
- Unusual Sender Addresses: Phishing emails often use email addresses that closely resemble legitimate organisations but contain subtle spelling changes or unfamiliar domains.
- A Sense of Urgency: Attackers frequently try to create panic or urgency to encourage quick action without careful checking.
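For ICT teams triaging reported messages, the warning signs above can be checked mechanically. The following is an added example, not SBS tooling: the trusted domains, the 0.85 similarity threshold, the keyword patterns and the sample message are all constructed assumptions, and it handles single-part plain-text messages only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organisation genuinely receives secure mail from.
TRUSTED_DOMAINS = {"securemail.example", "trust.example"}
LURE = re.compile(r"secure (e-?mail|message)", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|expires?|within 24 hours)\b", re.I)
CREDS = re.compile(r"\b(password|verification code|authentication code)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookalike(domain):
    """Return the trusted domain this one closely resembles, or None."""
    for good in TRUSTED_DOMAINS:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good
    return None

def triage(raw):
    """Return the warning signs found in a raw single-part text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = []
    if LURE.search(text) and sender not in TRUSTED_DOMAINS:
        signs.append("secure-email notice from untrusted sender")
    imitated = lookalike(sender)
    if imitated:
        signs.append(f"sender domain imitates {imitated}")
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    bad = sorted(h for h in hosts if h and h not in TRUSTED_DOMAINS
                 and not any(h.endswith("." + t) for t in TRUSTED_DOMAINS))
    if bad:
        signs.append("links to untrusted host: " + ", ".join(bad))
    for pattern, label in ((CREDS, "asks for password or verification code"),
                           (URGENCY, "urgency wording")):
        if pattern.search(text):
            signs.append(label)
    return signs

# Constructed sample message (not a real campaign email).
SAMPLE = """From: Secure Mail <noreply@securemai1.example>
Subject: You have received a secure email

Open it at https://portal.securemai1.example/view and enter your verification code. Link expires within 24 hours."""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A message that trips several signs at once is a strong candidate for quarantine and a search for other recipients; a single sign on its own is only a prompt for a closer look.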
Best Practice for Schools and Trusts
Reducing the risk of phishing attacks requires both technical safeguards and strong staff awareness.
We recommend the following steps for all education settings:
- Encourage Staff Vigilance: Regular reminders and awareness campaigns help keep cyber security front of mind for staff across the organisation.
- Verify Before Interacting: If there is any doubt about an email, staff should avoid interacting with it and seek advice from their ICT support provider or internal IT team.
- Report Suspicious Emails Immediately: Early reporting can help prevent wider compromise and allows ICT teams to investigate potential threats quickly.
- Use Multi-Factor Authentication (MFA): MFA adds an additional layer of security and can help prevent attackers from gaining access even if credentials are compromised.
- Deliver Ongoing Cyber Security Training: Phishing awareness training helps staff recognise evolving attack methods and respond appropriately.
Staying Secure Together
Cyber threats continue to evolve, but awareness remains one of the most effective defences schools and trusts have against phishing attacks.
Encouraging a culture of caution, reporting, and cyber awareness can significantly reduce risk and help protect staff, pupils, and sensitive organisational data.
If your school or trust receives suspicious emails or requires support with cyber security, phishing awareness, or ICT protection measures, ensure concerns are escalated to your ICT support team or Service Desk as soon as possible.
Remaining vigilant today can help prevent serious disruption tomorrow.
How SBS Supports Schools with Cyber Security and ICT
At SBS, we work closely with schools and trusts to help strengthen cyber security, improve resilience, and support staff in responding to emerging threats such as phishing attacks.
Our ICT services include:
- Proactive cyber security support
- Email and account protection
- Monitoring and threat response
- Staff awareness guidance
- Secure cloud and network solutions
- Service Desk support for schools and trusts
As cyber threats across the education sector continue to evolve, having the right technical support and security measures in place is more important than ever.
If you would like to learn more about how SBS can support your school or trust with ICT services and cyber security, please get in touch with our team.
