Cyber Alert: Surrey and Sussex Schools Targeted by Phishing and Ransomware Attacks
SEROCU (the South East Regional Organised Crime Unit) has advised schools across Surrey and Sussex to be aware of a rise in Microsoft 365 (M365) phishing emails.
Over the past week, investigation teams have identified four separate incidents in which schools were compromised, with at least one case escalating into a ransomware attack. The email sent to schools reads:
Over the past week, our Surrey/Sussex investigations team has received reports of - and is investigating - four incidents involving schools who have been impacted by attacks originating from phishing emails. These convincing phishing emails require users to visit a fake M365 login page, and at least one of the schools has suffered a ransomware attack off the back of these.
We are sharing this current attack method when delivering our inputs to school staff; however, if you are able to put out a message too, that would help us to reach more schools. Currently, our only messages are to remind staff to be vigilant, and to ensure that the school is delivering training around phishing risks, alongside implementing multi-layered defences including MFA on account credentials, as per this NCSC guidance infographic: https://www.ncsc.gov.uk/guidance/phishing (feel free to share this on if useful)
How Schools Can Protect Themselves
To mitigate the risk of falling victim to these campaigns, authorities and the National Cyber Security Centre (NCSC) recommend a multi-layered approach to security:
- Mandatory MFA: Implement Multi-Factor Authentication (MFA) on all account credentials, staff and administrative accounts included. MFA provides a critical second line of defence: a password stolen via a phishing site is not, on its own, enough to sign in. One caveat a practitioner should keep in mind: a fake M365 login page can be built to relay a one-time code (SMS or authenticator app code) to the real service in real time and capture the resulting session, so code-based MFA is a strong barrier rather than an absolute one. Where possible, prefer phishing-resistant methods such as FIDO2 security keys or passkeys, and at minimum make sure every account has an MFA method registered.
- Verify Before You Click: Staff should be encouraged to scrutinise any email that asks them to sign in. Check the sender's address carefully, hover over links to see the true destination URL before clicking, and, if a page asks for M365 credentials, confirm that the browser address bar shows a genuine Microsoft sign-in address such as login.microsoftonline.com rather than a lookalike domain.
- Regular Training: Schools must ensure that all staff members, from administration to teaching staff, undergo regular phishing awareness training so that they can recognise the evolving tactics used by attackers. Review the DfE digital standards, which call for annual cyber security training for anyone with access to school systems.
- Follow NCSC Guidance: The NCSC's phishing guidance (https://www.ncsc.gov.uk/guidance/phishing) is an essential resource for identifying and reporting suspicious activity.
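The MFA point above is easiest to act on from the tenant side. The script below is an added example written for this page, not code from SEROCU, the NCSC or Microsoft: it creates a Conditional Access policy that requires MFA for every user and every application, and then lists accounts that still have no MFA method registered, since those are the accounts a phished password alone unlocks. It assumes the Microsoft.Graph PowerShell module is installed, that the signed-in administrator can consent to the listed scopes, and that you replace the placeholder break-glass account ID with your own.

```powershell
# Added example (not from the advisory): require MFA tenant-wide with a
# Conditional Access policy, then find users who have not registered MFA.
# Assumes the Microsoft.Graph module and an admin able to grant these scopes.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All",
                        "Application.Read.All", "AuditLog.Read.All"

# Policy definition. The policy is created in report-only mode so the sign-in
# logs can show what it would block; switch state to "enabled" once reviewed.
$policy = @{
    displayName = "Require MFA for all users"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            # Placeholder: object ID of an emergency-access (break-glass) account,
            # excluded so a policy mistake cannot lock every admin out.
            excludeUsers = @("<break-glass-account-object-id>")
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Accounts with no MFA method registered. Until these users register a method,
# the policy above will block them, and a stolen password would otherwise have
# been enough to sign in as them.
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, IsMfaCapable, IsMfaRegistered |
    Sort-Object UserPrincipalName
```

Run the registration report first and chase the unregistered users before flipping the policy from report-only to enabled; otherwise the policy locks out exactly the people who have not yet set up MFA.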
Reporting Suspicious Activity
If a staff member believes they have entered their credentials into a suspicious site, they should contact their IT department immediately. A password reset on its own is not enough: IT should also sign the account out of all active sessions, so that any session the attacker has already captured stops working, check for MFA methods, inbox rules or mail forwarding the attacker may have added, and review the account's recent sign-ins for unfamiliar locations. The suspicious email itself can be forwarded to the NCSC's Suspicious Email Reporting Service at report@phishing.gov.uk.
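The steps described above, as an added example for this page and not a script from SEROCU or the NCSC: first-hour containment for one M365 account whose password has been entered into a phishing page. It assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed, that the operator holds a role able to reset passwords and read sign-in logs, and that `$Upn` (a placeholder address here) is replaced with the affected account.

```powershell
# Added example (not from the advisory): contain a phished M365 account.
# Assumes Microsoft.Graph and ExchangeOnlineManagement modules are installed.
$Upn = "staff.member@school.example"   # placeholder: the affected account

Connect-MgGraph -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.Read.All", "AuditLog.Read.All"
Connect-ExchangeOnline

# 1. Invalidate every existing session and refresh token. Resetting the password
#    alone leaves tokens the attacker already captured valid until they expire.
Revoke-MgUserSignInSession -UserId $Upn

# 2. Reset the password to a random temporary value and force a change at next
#    sign-in. Get-Random is fine for a throwaway password the user must replace.
$chars = (48..57) + (65..90) + (97..122)        # 0-9, A-Z, a-z
$tmp   = -join ($chars | Get-Random -Count 24 | ForEach-Object { [char]$_ })
Update-MgUser -UserId $Upn -PasswordProfile @{
    Password                      = $tmp
    ForceChangePasswordNextSignIn = $true
}

# 3. List registered authentication methods. Anything the user does not
#    recognise (a new phone number or authenticator app) should be removed.
Get-MgUserAuthenticationMethod -UserId $Upn |
    Select-Object Id, @{n='Type'; e={ $_.AdditionalProperties['@odata.type'] }}

# 4. Inbox rules and mailbox forwarding. Phishers commonly add rules that delete
#    or hide replies from IT, or forward mail to an external address.
Get-InboxRule -Mailbox $Upn |
    Select-Object Name, Enabled, ForwardTo, RedirectTo, DeleteMessage, MoveToFolder
Get-Mailbox -Identity $Upn |
    Select-Object ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 5. Recent sign-ins: look for IP addresses and countries the user cannot account for.
Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 50 |
    Select-Object CreatedDateTime, IpAddress,
                  @{n='Country'; e={ $_.Location.CountryOrRegion }},
                  AppDisplayName,
                  @{n='ErrorCode'; e={ $_.Status.ErrorCode }}   # 0 = successful sign-in
```

Keep the output of steps 3 to 5 with the incident record; the sign-in list in particular is what tells you whether the stolen password was actually used, and from where, before you decide whether the case needs escalating beyond a single account.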
By staying informed and implementing robust security layers, schools can protect their sensitive data and ensure that the classroom remains a safe environment—both physically and digitally.
