Action Fraud has raised an alert concerning a new wave of ransomware attacks targeting education institutions in the UK. According to the police, “fraudsters are posing [as] government officials in order to trick people into installing ransomware which encrypts files on victims’ computers”.
How the scam works
Schools received phone calls from someone claiming to be from the Department of Education who requested information — such as the personal email and phone number of the head teacher or financial administrator — for the supposed purpose of forwarding various guidance forms.
Once the scammer had obtained an email address, they sent an email with a zip file attachment that had been infected by ransomware. As soon as the recipient downloaded the attachment, the ransomware locked and encrypted computer files and asked for a ransom of up to £8,000 to regain access.
A combination of vishing and phishing tactics
Analysing the scam shows that it’s composed of two distinct techniques:
- Vishing – fraudulent phone calls made to harvest information that can later be used for a more complex scam.
- Spear-phishing – targeted malicious emails inviting recipients to provide sensitive information or download malware-infected files.
In both cases, being familiar with how these tactics work can reduce the risk of falling victim.
Raise awareness of phishing attacks
Malware and ransomware are often sent by email because of its convenience: it’s easy and cheap for criminals to send an email, and it’s common for staff to receive them. Working out whether an email is fraudulent is not as complicated as it may seem; the experts at IT Governance have compiled a list of tips and tricks to help staff check the legitimacy of unsolicited emails that arrive in their inbox.
Tip #1: Check for grammar and spelling mistakes – many malicious emails are written in poor English.
Tip #2: Don’t click on links – hover your mouse over them to check whether the address the link actually points to matches the site it claims to lead to.
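The two red flags described above, a zip attachment and a link whose visible text names a different host from the one the click would really follow, can be checked automatically before a message reaches a head teacher's inbox. The following is an added example written for this page, not code from IT Governance or Action Fraud; the sample message and all addresses in it are constructed, and the check uses only the Python standard library.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample (no real addresses): a zip attachment plus a link whose
# visible text names one host while the real href points at another.
SAMPLE_EML = b"""\
From: sender@example.invalid
Subject: Guidance forms
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Forms: <a href="http://download.example.invalid/forms.zip">https://forms.education.example/guidance</a></p>
--b1
Content-Type: application/zip; name="guidance.zip"
Content-Disposition: attachment; filename="guidance.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

ARCHIVE_EXTS = (".zip", ".rar", ".7z")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def mismatched_links(html):
    # (visible text, href) pairs where the text is itself a URL but names a
    # different host than the href the click would actually follow
    found = []
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if not re.match(r"https?://", text, re.I):
            continue  # text such as 'click here' cannot be compared by host
        if urlparse(text).hostname != urlparse(href).hostname:
            found.append((text, href))
    return found

def archive_attachments(msg):
    # filenames of attachments carrying an archive extension
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(ARCHIVE_EXTS)]

def triage(raw):
    # parse a raw RFC 822 message and report both red flags
    msg = email.message_from_bytes(raw, policy=policy.default)
    links = [m for part in msg.walk() if part.get_content_type() == "text/html"
             for m in mismatched_links(part.get_content())]
    return {"mismatched_links": links,
            "archive_attachments": archive_attachments(msg)}
```

Run `triage(SAMPLE_EML)` to see both findings; a message with neither flag returns two empty lists, and the host comparison is the same check a user performs by hand when hovering over a link.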