20/06/2023

Examination Officers Being Targeted 

Summary 

During examination periods, key members of school staff are being targeted by criminals who attempt to steal exam papers. These papers can then be sold ahead of exams taking place, giving some students an unfair advantage. 

How it works 

The criminals typically use two methods to obtain the usernames and passwords of examination officers: 

• Data breaches: When companies experience data breaches, criminals often sell the usernames and passwords of their victims on the dark web. You can check if your email address has been affected by a data breach by visiting https://haveibeenpwned.com  

• Phishing: Criminals send emails that appear to be from legitimate sources, such as exam boards or school administrators. These emails often contain links or attachments that, when clicked, install malware on the victim's computer. This malware can then be used to steal the victim's passwords. 

Once the criminals have access to an examination officer's email account, they can reset the passwords for other accounts that the victim uses, such as their social media accounts or their bank accounts. This gives the criminals access to download and sell exam papers before exams take place. 

What you can do to protect yourself 

• Make sure your staff know that the information they have access to is valuable to criminals. Remind them to be careful about what information they share online, and to never click on links or open attachments in emails from unknown senders. 

• Check to see if your email address has been found in data breaches. If it has, you should change your passwords for all of the accounts that use that email address. 

• Raise awareness of phishing and how it relates to examination paper theft. Use resources such as Sophos Phish Threat: https://sophosphish.lgfl.net to train your staff on how to spot and avoid phishing emails. 

• Use strong passwords that are unique for each account. A good password should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols. 

• Use multi-factor authentication (MFA) whenever possible. MFA adds an extra layer of security by requiring you to enter a code from your phone in addition to your password when you log in to an account. 

• Keep your virus protection up to date. Make sure that your antivirus software is up to date and that it is scanning your computer for malware on a regular basis. LGfL schools can user Sophos Intercept X Advanced – https://sophos.lgfl.net 

• Complete the NCSC Cyber Security Training for school staff. This training will teach your staff about the latest cyber security threats and how to protect themselves. https://booking.lgfl.net/book/add/p/33 

What to do if you think your account has been compromised 

If you think your account has been compromised, you should immediately change your password and notify your IT support team. You should also report the incident to the relevant authorities. 

By following these tips, you can help to protect yourself and your school from cyber attacks.