Dubai British School was subjected to a tactic known as ‘password spraying’, a technique that weakens passwords. Image Credit: Supplied

DUBAI: A British school in Dubai has warned parents about a cyber attack on its network last week, but has reassured them that necessary action has been taken to safeguard student and parent information.

Clive Pierrepont, Communications Consultant with the Taaleem education group which runs the Dubai British School, Jumeirah Park, told Gulf News, “We communicated the incident in a detailed statement to parents last week. The phishing attack was one of many that are unfortunately growing more prevalent in our ever connected, online lives. The attackers leveraged a tactic known as ‘password spraying’, a technique that exploits weak passwords and managed to compromise a number of staff email accounts.”

He said, “The incident was recognised and dealt with within hours of the failed attack. The hackers gained very limited access, and our system resisted further attempts to circumvent the additional layers of our network security. The attack did not result in any data breaches.”

Pierrepont said, “We encourage all schools to enforce strong passwords and two factor authentication (2FA) within their organisations.”

We encourage all schools to enforce strong passwords and two factor authentication (2FA) within their organisations.

- Clive Pierrepont, Communications Consultant with Taaleem education group which runs Dubai British School

In a circular sent out to parents earlier, the school said the IT team at DBS JP had identified and re-set all compromised accounts, blocked ambiguous URL links and attackers’ IPs from their systems.

It said since the breach, the school had some instances where hackers had sent emails posing as staff from DBS JP and Taaleem to its staff and parents. It also had fake accounts set up to mimic a DBS account that asked parents to click a dropbox link. Another sent a PDF file for a possible rebate, while yet another was a ransomware email that told recipients to send bitcoins or risk having illicit activities by the recipient shared on the internet.

The school warned parents that these were fake messages and part of a phishing scam and advised them to delete suspicious messages, not click on any links and inform the school if they found anything amiss.

The school said there were giveaways in phishing attacks like typos; Also, the school would never send an email with a dropbox link, and Taaleem does not directly send communications to parents regarding any accounts and that the communication would always come from the school.

What is a phishing attack?

It is a ploy to gather personal information by using deceptive email. The aim is to trick the recipient into believing that the email is from a credible source and the message is something they would not miss and get them to click a link or download an attachment. It is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details.

Telltale signs of a phishing attack

■ The email is not directly addressed to the recipient

■ It is usually poorly written with grammatical errors

■ They urge recipients to verify the email by using a link provided

■ It carries suspicious attachments

■ Contains links to official looking sites asking you to enter sensitive data